[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] jar, fastjar directory traversal vulnerabilities
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2010-06-08 20:01:30
Message-ID: Pine.GSO.4.64.1006081558550.15053 () faron ! mitre ! org
[Download RAW message or body]


On Tue, 8 Jun 2010, Vincent Danen wrote:

> What makes things worse is that it doesn't look like CVE-2005-1080 was
> ever fixed.  So I'm not sure if this "new" jar issue needs a new CVE
> name, or if it would be covered under CVE-2005-1080 (since nothing ever
> claimed to fix this directory traversal vulnerability in jar).

If a bug appears in versions X and Y, and there is no evidence that a fix 
was ever applied between versions X and Y, then the original CVE's 
description is simply updated.

- Steve
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic