Date: Mon, 9 May 2011 15:26:01 -0400 (EDT) From: "Steven M. Christey" <coley@...-smtp.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request : client-side file creation via XSLT in Webkit Nicolas, After deeper investigation, this appears to be CVE-2011-1425, which was requested by you and assigned on March 14 (hopefully with email notification to you), and published through CVE on April 2 or 3 after an xmlsec announcement http://www.aleksey.com/pipermail/xmlsec/2011/009120.html CVE-2011-1425 points to both changeset 79159 and Webkit bug 52688. Are you talking about a different XSLT file-overwrite issue than CVE-2011-1425? - Steve On Mon, 9 May 2011, Nicolas Grégoire wrote: > > The bug was opened on January 18 : > https://bugs.webkit.org/show_bug.cgi?id=52688 (restricted) > > A patch is available since February 20 : > http://trac.webkit.org/changeset/79159 (public) > > Given some recent mail exchanges with Apple, they still not have > affected a CVE to this issue. Could you please allocate one, in order > for me to have an easier job communicating with the numerous impacted > vendors (many Linux distributions, RIM, Maxthon, ...) ? > > Regards, > Nicolas GrÃ©goire > >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.