Date: Mon, 03 Feb 2014 15:25:49 +1000 From: David Jorm <djorm@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: multiple issues in Apache Cordova/PhoneGap Multiple issues have been reported in Apache Cordova: http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt These issues have been discussed and acknowledged on the Cordova development list: http://callback.markmail.org/message/5kkxyetx2mnywo7q?q=+list:org.apache.incubator.callback-dev&page=3#query:%20list%3Aorg.apache.incubator.callback-dev+page:3+mid:34bp7ejg7yt6dr2z+state:results These issues also affect PhoneGap, the commercial product built by Adobe Systems, which is based on Apache Cordova. However, there is no indication that the Adobe CNA has assigned any CVE IDs to these issues. Given Apache Cordova is an open source project, I think it is in scope for CVE IDs to be assigned on the oss-security list. Thanks -- David Jorm / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ