Hi David, On Mon, Apr 30, 2018 at 8:32 PM, David Dillard <david.dill...@veritas.com> wrote:
> I asked before about getting a CVE for the issue I raised that was fixed, > and about a security advisory. I don’t recall seeing a response. > > > > Can that please be done as well? I don’t know what the internal Apache > process is for getting CVEs, but there’s got to be one. > Looking at the 2.12.0 release notes in JIRA, and the CVE which you pointed that we fixed, I propose to have following written within our 2.12.0 release announcement, <text> The following security issues, raised by users were fixed: CVE-2012-0881 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881 CVE-2013-4002 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002 CVE-2018-2799 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2799 </text> Please let us know your opinion about this. Anyone else could also comment. -- Regards, Mukul Gandhi
