[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] jar, fastjar directory traversal vulnerabilities
From: Vincent Danen <vdanen () redhat ! com>
Date: 2010-06-08 20:51:35
Message-ID: 20100608205135.GH4828 () redhat ! com
[Download RAW message or body]
* [2010-06-08 16:01:30 -0400] Steven M. Christey wrote:
>On Tue, 8 Jun 2010, Vincent Danen wrote:
>
>>What makes things worse is that it doesn't look like CVE-2005-1080 was
>>ever fixed. So I'm not sure if this "new" jar issue needs a new CVE
>>name, or if it would be covered under CVE-2005-1080 (since nothing ever
>>claimed to fix this directory traversal vulnerability in jar).
>
>If a bug appears in versions X and Y, and there is no evidence that a
>fix was ever applied between versions X and Y, then the original
>CVE's description is simply updated.
Awesome, thanks for the clarification.
--
Vincent Danen / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic