Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 03 Feb 2014 15:25:49 +1000
From: David Jorm <djorm@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: multiple issues in Apache Cordova/PhoneGap

Multiple issues have been reported in Apache Cordova:

http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt

These issues have been discussed and acknowledged on the Cordova 
development list:

http://callback.markmail.org/message/5kkxyetx2mnywo7q?q=+list:org.apache.incubator.callback-dev&page=3#query:%20list%3Aorg.apache.incubator.callback-dev+page:3+mid:34bp7ejg7yt6dr2z+state:results

These issues also affect PhoneGap, the commercial product built by Adobe 
Systems, which is based on Apache Cordova. However, there is no 
indication that the Adobe CNA has assigned any CVE IDs to these issues. 
Given Apache Cordova is an open source project, I think it is in scope 
for CVE IDs to be assigned on the oss-security list.

Thanks
--
David Jorm / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ