Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Apache>
  3. Dev
Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json
christophe.jaillet at wanadoo
Jun 9, 2021, 1:10 PM
Post #1 of 2 (186 views)
Permalink
Le 08/06/2021 à 13:42, mjc@apache.org a écrit :
> Author: mjc
> Date: Tue Jun 8 11:42:36 2021
> New Revision: 1890598
>
> URL: http://svn.apache.org/viewvc?rev=1890598&view=rev
> Log:
> Fix the release date and version
>
> Modified:
> httpd/site/trunk/content/security/json/CVE-2019-17567.json
> httpd/site/trunk/content/security/json/CVE-2020-13938.json
> httpd/site/trunk/content/security/json/CVE-2020-13950.json
> httpd/site/trunk/content/security/json/CVE-2020-35452.json
> httpd/site/trunk/content/security/json/CVE-2021-26690.json
> httpd/site/trunk/content/security/json/CVE-2021-26691.json
> httpd/site/trunk/content/security/json/CVE-2021-30641.json
> httpd/site/trunk/content/security/json/CVE-2021-31618.json
>
> Modified: httpd/site/trunk/content/security/json/CVE-2019-17567.json
> URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2019-17567.json?rev=1890598&r1=1890597&r2=1890598&view=diff
> ==============================================================================
> --- httpd/site/trunk/content/security/json/CVE-2019-17567.json (original)
> +++ httpd/site/trunk/content/security/json/CVE-2019-17567.json Tue Jun 8 11:42:36 2021
> @@ -13,14 +13,14 @@
> "value": "reported"
> },
> {
> - "time": "--",
> + "time": "2021-06-01",
> "lang": "eng",
> "value": "public"
> },
> {
> - "time": "--",
> + "time": "2021-06-01",
> "lang": "eng",
> - "value": "2.4.47 released"
> + "value": "2.4.48 released"
> }
> ],
> "CNA_private": {
> @@ -30,7 +30,7 @@
> "ASSIGNER": "security@apache.org",
> "AKA": "",
> "STATE": "PUBLIC",
> - "DATE_PUBLIC": "--",
> + "DATE_PUBLIC": "2021-06-01",
> "ID": "CVE-2019-17567",
> "TITLE": "mod_proxy_wstunnel tunneling of non Upgraded connections"
> },
> @@ -210,4 +210,4 @@
> ]
> }
> }
> -}
> \ No newline at end of file
> +}
>
>

Not a big issue from my point of view, but now cvetool, CHANGES and
CHANGES_2.48 are not in line anymore with vulnerabilities_xx.html

My own preference is for keeping 2.4.47 because it was really fixed in
this version, even if not announced.

I guess that it is mostly a matter of taste and that both point of view
are acceptable.

CJ
Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json [ In reply to ]
stefan.eissing at greenbytes
Jun 10, 2021, 2:26 AM
Post #2 of 2 (185 views)
Permalink
> Am 09.06.2021 um 22:10 schrieb Christophe JAILLET <christophe.jaillet@wanadoo.fr>:
>
> Le 08/06/2021 à 13:42, mjc@apache.org a écrit :
>> Author: mjc
>> Date: Tue Jun 8 11:42:36 2021
>> New Revision: 1890598
>> URL: http://svn.apache.org/viewvc?rev=1890598&view=rev
>> Log:
>> Fix the release date and version
>> Modified:
>> httpd/site/trunk/content/security/json/CVE-2019-17567.json
>> httpd/site/trunk/content/security/json/CVE-2020-13938.json
>> httpd/site/trunk/content/security/json/CVE-2020-13950.json
>> httpd/site/trunk/content/security/json/CVE-2020-35452.json
>> httpd/site/trunk/content/security/json/CVE-2021-26690.json
>> httpd/site/trunk/content/security/json/CVE-2021-26691.json
>> httpd/site/trunk/content/security/json/CVE-2021-30641.json
>> httpd/site/trunk/content/security/json/CVE-2021-31618.json
>> Modified: httpd/site/trunk/content/security/json/CVE-2019-17567.json
>> URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2019-17567.json?rev=1890598&r1=1890597&r2=1890598&view=diff
>> ==============================================================================
>> --- httpd/site/trunk/content/security/json/CVE-2019-17567.json (original)
>> +++ httpd/site/trunk/content/security/json/CVE-2019-17567.json Tue Jun 8 11:42:36 2021
>> @@ -13,14 +13,14 @@
>> "value": "reported"
>> },
>> {
>> - "time": "--",
>> + "time": "2021-06-01",
>> "lang": "eng",
>> "value": "public"
>> },
>> {
>> - "time": "--",
>> + "time": "2021-06-01",
>> "lang": "eng",
>> - "value": "2.4.47 released"
>> + "value": "2.4.48 released"
>> }
>> ],
>> "CNA_private": {
>> @@ -30,7 +30,7 @@
>> "ASSIGNER": "security@apache.org",
>> "AKA": "",
>> "STATE": "PUBLIC",
>> - "DATE_PUBLIC": "--",
>> + "DATE_PUBLIC": "2021-06-01",
>> "ID": "CVE-2019-17567",
>> "TITLE": "mod_proxy_wstunnel tunneling of non Upgraded connections"
>> },
>> @@ -210,4 +210,4 @@
>> ]
>> }
>> }
>> -}
>> \ No newline at end of file
>> +}
>
> Not a big issue from my point of view, but now cvetool, CHANGES and CHANGES_2.48 are not in line anymore with vulnerabilities_xx.html
>
> My own preference is for keeping 2.4.47 because it was really fixed in this version, even if not announced.
>
> I guess that it is mostly a matter of taste and that both point of view are acceptable.
>
> CJ

From users's point of view, it seems more usable when CVE announcements point to releases they can actually get from us, I guess.

The fact that one has to explain the httpd release numbering to everyone outside the project, says that we are outside the main stream. It seems for no other reason than history. All fair enough.

Stefan

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal