Date: Thu, 12 Nov 2015 15:22:45 -0800
From: Tim <tim-security@...tinelchicken.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw

> The currently proposed "fix" is to disable functionality that is
> being used. This will break applications that need them.
>
> https://issues.apache.org/jira/browse/COLLECTIONS-580

I just read through that thread and I did not see anyone indicating
that the fix breaks applications. Only speculation. Perhaps you meant
to link us somewhere else?

tim