On 20/12/2017 01:08, Daniel Shahaf wrote:
> Stefan wrote on Tue, 19 Dec 2017 23:39 +0100:
> [...]
>> Since I never calculated the CVSS score for a Subversion vulnerability
>> before,
> If you're interested, you could go through the more recent advisories
> (the security/ directories in the site and in the private repository),
> read the patches that fixed them, compute a CVSSv2 or CVSSv3 vector
> based on that (only, without reading the in-advisory analysis), and then
> compare the one you computed with the one in the advisory.
>
> This way, when the next vulnerability is reported, you'd be better able
> to help compute / review a CVSS vector for it.
Good hint. I'll eventually get more familiar with it.
For the time being I however will focus on cleaning up the remaining
dead links throughout our webpage, put together the hackathon page, and
then get on signing/testing the 1.10 RC1 builds as well as releasing new
MaxSVN builds (at least that's my current priority list).
Regards,
Stefan
Received on 2017-12-26 22:21:19 CET