Re: Blog post "commons" vulnerability

2015-11-10 Thread Sally Khudairi
You're most welcome! Lots of heavy activity on Twitter as well :-) -Sally From: Gary Gregory To: Commons Developers List ; Sally Khudairi Sent: Tuesday, November 10, 2015 10:40 AM Subject: Re: Blog post "commons" vulnerability Thank you Sally! Gary On Nov 10, 2015

Re: Blog post "commons" vulnerability

2015-11-10 Thread Gary Gregory
; src/main/java/org/apache/commons/collections4/functors/PrototypeFactory.java > Thanks, -Chris > > From: Sally Khudairi [mailto:sallykhuda...@yahoo.com] > Sent: Monday, November 09, 2015 3:15 PM > To: Sally Khudairi; e...@zusammenkunft.net; Frohoff, Chris; Gabriel > La

Re: Blog post "commons" vulnerability

2015-11-10 Thread Mark Thomas
On 10/11/2015 10:17, Jochen Wiedmann wrote: > On Tue, Nov 10, 2015 at 10:51 AM, Mark Thomas > >> You only need a CVE ID if there is a vulnerability. >> >> I would argue (and the OPs appear to agree with me) that this is NOT a >> vulnerability in Apache Commons Collections. The vulnerability lies

Re: Blog post "commons" vulnerability

2015-11-10 Thread Sally Khudairi
"Frohoff, Chris" To: Sally Khudairi ; "e...@zusammenkunft.net" ; Gabriel Lawrence ; Commons Developers List Sent: Monday, November 9, 2015 6:42 PM Subject: RE: Blog post "commons" vulnerability

Re: Blog post "commons" vulnerability

2015-11-10 Thread Jochen Wiedmann
On Tue, Nov 10, 2015 at 10:51 AM, Mark Thomas > You only need a CVE ID if there is a vulnerability. > > I would argue (and the OPs appear to agree with me) that this is NOT a > vulnerability in Apache Commons Collections. The vulnerability lies in > applications that are blindly deserializing dat

Re: Blog post "commons" vulnerability

2015-11-10 Thread Mark Thomas
ds, >>> Sally >>> >>> >>> [From the mobile; please excuse top-posting, spelling/spacing errors, and >>> brevity] >>> >>> - Reply message - >>> From: "Frohoff, Chris" >>> To: "Sally Khudairi"

Re: Blog post "commons" vulnerability

2015-11-10 Thread Jochen Wiedmann
ep -v InvokerTransformer | xargs -n1 grep -l >> Serializable >> >> src/main/java/org/apache/commons/collections4/functors/InstantiateFactory.java >> >> src/main/java/org/apache/commons/collections4/functors/InstantiateTransformer.java >> >> src/main/java/org/apache/com

Re: Blog post "commons" vulnerability

2015-11-09 Thread Benedikt Ritter
he/commons/collections4/functors/InstantiateTransformer.java > > src/main/java/org/apache/commons/collections4/functors/PrototypeFactory.java > > Thanks, > > -Chris > > > > From: Sally Khudairi [mailto:sallykhuda...@yahoo.com] > > > Sent: Monday, November 09,

Re: Blog post "commons" vulnerability

2015-11-09 Thread Sally Khudairi
brevity] - Reply message - From: "Frohoff, Chris" To: "Sally Khudairi" , "e...@zusammenkunft.net" , "Gabriel Lawrence" , "Commons Developers List" Subject: Blog post "commons" vulnerability Date: Mon, Nov 9, 2015 18:42 All, I

Re: Blog post "commons" vulnerability

2015-11-09 Thread Chris Frohoff
re ready, and I'll publish. Warmly, Sally [From the mobile; please excuse top-posting, spelling/spacing errors, and brevity] - Reply message - From: e...@zusammenkunft.net To: "Frohoff, Chris" , "Gabriel Lawrence" , "Commons Developers List" , "S

Re: Blog post "commons" vulnerability

2015-11-09 Thread Sally Khudairi
pers List Sent: Monday, November 9, 2015 5:29 PM Subject: Re: Blog post "commons" vulnerability Thanks so much, Bernd. Personally, I prefer mentioning PMC affiliation, as it adds credibility, but I'll post it however you'd like. OK re: tweet screenshot; I've included

Re: Blog post "commons" vulnerability

2015-11-09 Thread Sally Khudairi
please excuse top-posting, spelling/spacing errors, and brevity] - Reply message - From: e...@zusammenkunft.net To: "Frohoff, Chris" , "Gabriel Lawrence" , "Commons Developers List" , "Sally Khudairi" Subject: Blog post "commons"

Re: Blog post "commons" vulnerability

2015-11-09 Thread ecki
C?) Gruss Bernd -- http://bernd.eckenfels.net -Original Message- From: Sally Khudairi To: "Frohoff, Chris" , Gabriel Lawrence , Commons Developers List Sent: Mo., 09 Nov. 2015 22:36 Subject: Re: Blog post "commons" vulnerability Thanks, Chris. I'll include you

Re: Blog post "commons" vulnerability

2015-11-09 Thread Sally Khudairi
airi From: "Frohoff, Chris" To: Gabriel Lawrence ; Commons Developers List Cc: Sally Khudairi Sent: Monday, November 9, 2015 12:31 PM Subject: RE: Blog post "commons" vulnerability

Re: Blog post "commons" vulnerability

2015-11-09 Thread Gabriel Lawrence
> > > Thanks again, > > Sally > > > > [From the mobile; please excuse top-posting, spelling/spacing errors, > and brevity] > > > > ----- Reply message ----- > > From: "Gary Gregory" > > To: "Commons Developers List" > &

Re: Blog post "commons" vulnerability

2015-11-09 Thread Phil Steitz
Commons Developers List" > Cc: , "Benedikt Ritter" , "Sally > Khudairi" > Subject: Blog post "commons" vulnerability > Date: Mon, Nov 9, 2015 07:50 > > My name is spelled Gary Gregory BTW ;-) > Gary > On Nov 9, 2015 2:45 AM, "Bernd Eck

Re: Blog post "commons" vulnerability

2015-11-09 Thread Sally Khudairi
rom: "Gary Gregory" To: "Commons Developers List" Cc: , "Benedikt Ritter" , "Sally Khudairi" Subject: Blog post "commons" vulnerability Date: Mon, Nov 9, 2015 07:50 My name is spelled Gary Gregory BTW ;-) Gary On Nov 9, 2015 2:45 AM, "Bernd

Re: Blog post "commons" vulnerability

2015-11-09 Thread James Carman
It's commons collections On Mon, Nov 9, 2015 at 5:45 AM Bernd Eckenfels wrote: > Hello Sally, > > currently there is a security vulnerability doing the rounds which uses > as an example Apache Commons Collection. It is not really a bug in > Commons Collection, but there is a lot of fuzz. So sinc

Re: Blog post "commons" vulnerability

2015-11-09 Thread Gary Gregory
My name is spelled Gary Gregory BTW ;-) Gary On Nov 9, 2015 2:45 AM, "Bernd Eckenfels" wrote: > Hello Sally, > > currently there is a security vulnerability doing the rounds which uses > as an example Apache Commons Collection. It is not really a bug in > Commons Collection, but there is a lot o

Blog post "commons" vulnerability

2015-11-09 Thread Bernd Eckenfels
Hello Sally, currently there is a security vulnerability doing the rounds which uses as an example Apache Commons Collection. It is not really a bug in Commons Collection, but there is a lot of fuzz. So since we are doing something in the Apache Commons team against the problem we wanted to make a