[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] jar, fastjar directory traversal vulnerabilities
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2010-06-08 20:01:30
Message-ID: Pine.GSO.4.64.1006081558550.15053 () faron ! mitre ! org
[Download RAW message or body]
On Tue, 8 Jun 2010, Vincent Danen wrote:
> What makes things worse is that it doesn't look like CVE-2005-1080 was
> ever fixed. So I'm not sure if this "new" jar issue needs a new CVE
> name, or if it would be covered under CVE-2005-1080 (since nothing ever
> claimed to fix this directory traversal vulnerability in jar).
If a bug appears in versions X and Y, and there is no evidence that a fix
was ever applied between versions X and Y, then the original CVE's
description is simply updated.
- Steve
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic