[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 03 Feb 2014 15:25:49 +1000
From: David Jorm <djorm@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: multiple issues in Apache Cordova/PhoneGap
Multiple issues have been reported in Apache Cordova:
http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt
These issues have been discussed and acknowledged on the Cordova
development list:
http://callback.markmail.org/message/5kkxyetx2mnywo7q?q=+list:org.apache.incubator.callback-dev&page=3#query:%20list%3Aorg.apache.incubator.callback-dev+page:3+mid:34bp7ejg7yt6dr2z+state:results
These issues also affect PhoneGap, the commercial product built by Adobe
Systems, which is based on Apache Cordova. However, there is no
indication that the Adobe CNA has assigned any CVE IDs to these issues.
Given Apache Cordova is an open source project, I think it is in scope
for CVE IDs to be assigned on the oss-security list.
Thanks
--
David Jorm / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
