couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noah Slater <nsla...@apache.org>
Subject Re: Fix for CVE-2010-3854
Date Wed, 27 Feb 2013 12:14:19 GMT
Thanks Jan. We'll update procedure accordingly.


On 27 February 2013 12:06, Jan Lehnardt <jan@apache.org> wrote:

> Note: we didn’t have these as our procedure for handling these
> didn’t include an item "update NEWS & CHANGES". I believe that we
> should have done this *and* keept a record which commit(s) reflect
> which CVEs for later reference.
>
> On Feb 27, 2013, at 13:04 , Jan Lehnardt <jan@apache.org> wrote:
>
> > Confirmed.
> >
> > On Feb 25, 2013, at 21:19 , Noah Slater <nslater@apache.org> wrote:
> >
> >> Hey,
> >>
> >> When did the fix for CVE-2010-3854 land? From the disclosure, it looks
> like
> >> 1.0.2. It is not mentioned in any NEWS or CHANGES.
> >>
> >> Please confirm 1.0.2. is correct.
> >>
> >> Thanks,
> >>
> >> --
> >> NS
> >
>
>


-- 
NS

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message