ode-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sathwik B P <sathwik...@gmail.com>
Subject CVE-2018-1316 used to cover issue incorrectly used CVE-2008-2370 for ODE 1.3.3
Date Sun, 04 Mar 2018 06:56:45 GMT
Hi

In 2009 we released an advisory for ODE 1.3.3 which mentioned it fixed
a security issues with CVE name CVE-2008-2370:

http://mail-archives.apache.org/mod_mbox/www-announce/200908.mbox/%
3Cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb%40mail.gmail.com%3E

However we noticed this name was used by mistake: CVE-2008-2370 is for
an unrelated security issue in Tomcat.

As suggested by Mitre, we've therefore assigned the name CVE-2018-1316
to cover this issue fixed in ODE 1.3.3.

Thanks,
Apache ODE Team.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message