Date: Tue, 29 May 2012 21:20:22 +0200 From: Nicolas Grégoire <nicolas.gregoire@...rri.fr> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: XXE vulnerability in Restlet > Please use CVE-2012-2656 for this issue. Thanks ! > Also is there a specific source file/etc that contains the fix? The changelog refers to this change: https://github.com/restlet/restlet-framework-java/commit/115c17c1f9aab4bd431ae44a36741b86be4c5f53 However, this one (safer default values for options like "secureProcessing" and "expandingEntityRefs") seems much more relevant: https://github.com/restlet/restlet-framework-java/commit/ec692bd3b5e386261413210191b179fec22b6cd2 By the way, credits are wrong (I'm the original reporter) and should be fixed soon. Nicolas
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.