Le 08/06/2021 à 13:42, mjc@apache.org a écrit :
> Author: mjc
> Date: Tue Jun 8 11:42:36 2021
> New Revision: 1890598
>
> URL: http://svn.apache.org/viewvc?rev=1890598&view=rev
> Log:
> Fix the release date and version
>
> Modified:
> httpd/site/trunk/content/security/json/CVE-2019-17567.json
> httpd/site/trunk/content/security/json/CVE-2020-13938.json
> httpd/site/trunk/content/security/json/CVE-2020-13950.json
> httpd/site/trunk/content/security/json/CVE-2020-35452.json
> httpd/site/trunk/content/security/json/CVE-2021-26690.json
> httpd/site/trunk/content/security/json/CVE-2021-26691.json
> httpd/site/trunk/content/security/json/CVE-2021-30641.json
> httpd/site/trunk/content/security/json/CVE-2021-31618.json
>
> Modified: httpd/site/trunk/content/security/json/CVE-2019-17567.json
> URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2019-17567.json?rev=1890598&r1=1890597&r2=1890598&view=diff
> ==============================================================================
> --- httpd/site/trunk/content/security/json/CVE-2019-17567.json (original)
> +++ httpd/site/trunk/content/security/json/CVE-2019-17567.json Tue Jun 8 11:42:36 2021
> @@ -13,14 +13,14 @@
> "value": "reported"
> },
> {
> - "time": "--",
> + "time": "2021-06-01",
> "lang": "eng",
> "value": "public"
> },
> {
> - "time": "--",
> + "time": "2021-06-01",
> "lang": "eng",
> - "value": "2.4.47 released"
> + "value": "2.4.48 released"
> }
> ],
> "CNA_private": {
> @@ -30,7 +30,7 @@
> "ASSIGNER": "security@apache.org",
> "AKA": "",
> "STATE": "PUBLIC",
> - "DATE_PUBLIC": "--",
> + "DATE_PUBLIC": "2021-06-01",
> "ID": "CVE-2019-17567",
> "TITLE": "mod_proxy_wstunnel tunneling of non Upgraded connections"
> },
> @@ -210,4 +210,4 @@
> ]
> }
> }
> -}
> \ No newline at end of file
> +}
>
>
Not a big issue from my point of view, but now cvetool, CHANGES and
CHANGES_2.48 are not in line anymore with vulnerabilities_xx.html
My own preference is for keeping 2.4.47 because it was really fixed in
this version, even if not announced.
I guess that it is mostly a matter of taste and that both point of view
are acceptable.
CJ
> Author: mjc
> Date: Tue Jun 8 11:42:36 2021
> New Revision: 1890598
>
> URL: http://svn.apache.org/viewvc?rev=1890598&view=rev
> Log:
> Fix the release date and version
>
> Modified:
> httpd/site/trunk/content/security/json/CVE-2019-17567.json
> httpd/site/trunk/content/security/json/CVE-2020-13938.json
> httpd/site/trunk/content/security/json/CVE-2020-13950.json
> httpd/site/trunk/content/security/json/CVE-2020-35452.json
> httpd/site/trunk/content/security/json/CVE-2021-26690.json
> httpd/site/trunk/content/security/json/CVE-2021-26691.json
> httpd/site/trunk/content/security/json/CVE-2021-30641.json
> httpd/site/trunk/content/security/json/CVE-2021-31618.json
>
> Modified: httpd/site/trunk/content/security/json/CVE-2019-17567.json
> URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/json/CVE-2019-17567.json?rev=1890598&r1=1890597&r2=1890598&view=diff
> ==============================================================================
> --- httpd/site/trunk/content/security/json/CVE-2019-17567.json (original)
> +++ httpd/site/trunk/content/security/json/CVE-2019-17567.json Tue Jun 8 11:42:36 2021
> @@ -13,14 +13,14 @@
> "value": "reported"
> },
> {
> - "time": "--",
> + "time": "2021-06-01",
> "lang": "eng",
> "value": "public"
> },
> {
> - "time": "--",
> + "time": "2021-06-01",
> "lang": "eng",
> - "value": "2.4.47 released"
> + "value": "2.4.48 released"
> }
> ],
> "CNA_private": {
> @@ -30,7 +30,7 @@
> "ASSIGNER": "security@apache.org",
> "AKA": "",
> "STATE": "PUBLIC",
> - "DATE_PUBLIC": "--",
> + "DATE_PUBLIC": "2021-06-01",
> "ID": "CVE-2019-17567",
> "TITLE": "mod_proxy_wstunnel tunneling of non Upgraded connections"
> },
> @@ -210,4 +210,4 @@
> ]
> }
> }
> -}
> \ No newline at end of file
> +}
>
>
Not a big issue from my point of view, but now cvetool, CHANGES and
CHANGES_2.48 are not in line anymore with vulnerabilities_xx.html
My own preference is for keeping 2.4.47 because it was really fixed in
this version, even if not announced.
I guess that it is mostly a matter of taste and that both point of view
are acceptable.
CJ