Date: Thu, 29 Sep 2016 13:00:23 -0400 From: Mike Kienenberger <mkienenb@...il.com> To: oss-security@...ts.openwall.com Cc: "security@...che.org" <security@...che.org> Subject: Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability Clarification: The first line in this CVE was a copy&paste error during message composition and is not part of the CVE. This line can make it sound as if CVE-2016-5019 is only an information disclosure vulnerability rather than a deserialization attack vector. I apologize for the confusion.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.