httpd-dev mailing list archives

From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json
Date Thu, 10 Jun 2021 09:26:35 GMT


> On 09.06.2021 at 22:10, Christophe JAILLET <christophe.jaillet@wanadoo.fr> wrote:
> 
> On 08/06/2021 at 13:42, mjc@apache.org wrote:
>> Author: mjc
>> Date: Tue Jun  8 11:42:36 2021
>> New Revision: 1890598
>> URL: http://svn.apache.org/viewvc?rev=1890598&view=rev
>> Log:
>> Fix the release date and version
>> Modified:
>>     httpd/site/trunk/content/security/json/CVE-2019-17567.json
>>     httpd/site/trunk/content/security/json/CVE-2020-13938.json
>>     httpd/site/trunk/content/security/json/CVE-2020-13950.json
>>     httpd/site/trunk/content/security/json/CVE-2020-35452.json
>>     httpd/site/trunk/content/security/json/CVE-2021-26690.json
>>     httpd/site/trunk/content/security/json/CVE-2021-26691.json
>>     httpd/site/trunk/content/security/json/CVE-2021-30641.json
>>     httpd/site/trunk/content/security/json/CVE-2021-31618.json
>> Modified: httpd/site/trunk/content/security/json/CVE-2019-17567.json
>> URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2019-17567.json?rev=1890598&r1=1890597&r2=1890598&view=diff
>> ==============================================================================
>> --- httpd/site/trunk/content/security/json/CVE-2019-17567.json (original)
>> +++ httpd/site/trunk/content/security/json/CVE-2019-17567.json Tue Jun  8 11:42:36
2021
>> @@ -13,14 +13,14 @@
>>        "value": "reported"
>>      },
>>      {
>> -      "time": "--",
>> +      "time": "2021-06-01",
>>        "lang": "eng",
>>        "value": "public"
>>      },
>>      {
>> -      "time": "--",
>> +      "time": "2021-06-01",
>>        "lang": "eng",
>> -      "value": "2.4.47 released"
>> +      "value": "2.4.48 released"
>>      }
>>    ],
>>    "CNA_private": {
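Review bot: The last timeline entry changes from "2.4.47 released" to "2.4.48 released", and the log message ("Fix the release date and version") does not say why the version moves. State the reason in the log, and check the other files that name the fixed version so they still agree with this record. The "public" and "released" entries also both go from the placeholder "--" to the same hand-typed date, 2021-06-01; confirm that one date is meant for both events.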
>> @@ -30,7 +30,7 @@
>>      "ASSIGNER": "security@apache.org",
>>      "AKA": "",
>>      "STATE": "PUBLIC",
>> -    "DATE_PUBLIC": "--",
>> +    "DATE_PUBLIC": "2021-06-01",
>>      "ID": "CVE-2019-17567",
>>      "TITLE": "mod_proxy_wstunnel tunneling of non Upgraded connections"
>>    },
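Review bot: At DATE_PUBLIC, the unchanged context shows "STATE": "PUBLIC", so the record was marked public while still carrying the placeholder "--" as its public date. Consider a validation step for these JSON files that rejects "--" in DATE_PUBLIC and in the timeline "time" fields whenever STATE is PUBLIC, and that checks DATE_PUBLIC matches the "public" timeline entry, since the same date is now maintained by hand in three places in this file.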
>> @@ -210,4 +210,4 @@
>>        ]
>>      }
>>    }
>> -}
>> \ No newline at end of file
>> +}
> 
> Not a big issue from my point of view, but now cvetool, CHANGES and CHANGES_2.48 are not in line anymore with vulnerabilities_xx.html
> 
> My own preference is for keeping 2.4.47 because it was really fixed in this version, even if not announced.
> 
> I guess that it is mostly a matter of taste and that both points of view are acceptable.
> 
> CJ

From users' point of view, it seems more usable when CVE announcements point to releases they can actually get from us, I guess.

The fact that one has to explain the httpd release numbering to everyone outside the project says that we are outside the mainstream. It seems for no other reason than history. All fair enough.

Stefan

