tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Romain Manni-Bucau (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TOMEE-1768) Mention CVE-2015-8581 as resolved vulnerability next to CVE-2016-0779
Date Mon, 04 Apr 2016 21:14:25 GMT

    [ https://issues.apache.org/jira/browse/TOMEE-1768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15225063#comment-15225063
] 

Romain Manni-Bucau commented on TOMEE-1768:
-------------------------------------------

Side note: 2016 number is the official one we got for this issue. The other one was not mentionned
therefore shouldnt be on the website AFAIK.

> Mention CVE-2015-8581 as resolved vulnerability next to CVE-2016-0779
> ---------------------------------------------------------------------
>
>                 Key: TOMEE-1768
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1768
>             Project: TomEE
>          Issue Type: Documentation
>    Affects Versions: 1.7.4, 7.0.0-M3
>            Reporter: Robert Panzer
>              Labels: documentation
>         Attachments: patch.diff
>
>
> The current documentation mentions at http://openejb.apache.org/security/tomee.html CVE-2016-0779
[1] as a vulnerability resolved in TomEE 1.7.4 and 7.0.0-M3.
> CVE-2016-0779 seems to be a duplicate of CVE-2015-8581 [2].
> Therefore CVE-2015-8581 should also be mentioned on this page.
> I will provide a patch for this adding a link to the other vulnerability.
> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0779
> [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8581



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message