List:       oss-security
Subject:    Re: [oss-security] jar, fastjar directory traversal vulnerabilities
From:       Vincent Danen <vdanen () redhat ! com>
Date:       2010-06-08 20:51:35
Message-ID: 20100608205135.GH4828 () redhat ! com

* [2010-06-08 16:01:30 -0400] Steven M. Christey wrote:

>On Tue, 8 Jun 2010, Vincent Danen wrote:
>
>>What makes things worse is that it doesn't look like CVE-2005-1080 was
>>ever fixed.  So I'm not sure if this "new" jar issue needs a new CVE
>>name, or if it would be covered under CVE-2005-1080 (since nothing ever
>>claimed to fix this directory traversal vulnerability in jar).
>
>If a bug appears in versions X and Y, and there is no evidence that a 
>fix was ever applied between versions X and Y, then the original 
>CVE's description is simply updated.

Awesome, thanks for the clarification.

-- 
Vincent Danen / Red Hat Security Response Team 