Date: Fri, 24 Oct 2014 19:10:21 +0100 From: Colm O hEigeartaigh <coheigea@...che.org> To: "users@....apache.org" <users@....apache.org>, "dev@....apache.org" <dev@....apache.org>, Apache Security Response Team <security@...che.org>, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: New security advisories released for Apache CXF Two new security advisories have been released for Apache CXF: - CVE-2014-3623: Apache CXF does not properly enforce the security semantics of SAML SubjectConfirmation methods when used with the TransportBinding - CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial of Service (DoS) attack Advisories attached to this mail + also available via the CXF security advisories page: http://cxf.apache.org/security-advisories.html Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com Content of type "text/html" skipped View attachment "CVE-2014-3584.txt.asc" of type "text/plain" (1613 bytes) View attachment "CVE-2014-3623.txt.asc" of type "text/plain" (1653 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.