This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed security bug in downloader (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14751)
1 parent 2554ff4, commit f59d7ed
Showing 1 changed file with 1 addition and 35 deletions.
Thanks for this @stevenbird, and for all your work on nltk.
Have you got 5 minutes to talk me through the process you went through fixing this, and any way GitHub can help? I'm on GitHub's security team and am working to make it easier for maintainers to alert users of security vulnerabilities.
Currently we have the security alert emails (which we're working to improve) and Security Advisories (the security tab on this repo). In future we're planning to make it easy for maintainers to apply for CVEs through GitHub (via creating Security Advisories).
Was there any part of the flow of finding, fixing, and alerting users of this vulnerability that GitHub could have helped with? Or anything we're doing now that you'd like us to do differently?
Any feedback very much appreciated. I'm on greysteil@github.com if you'd rather email it privately.
Thanks for all you do, and please don't hesitate to reach out if there's ever any way GitHub can help.