Message-ID: <20121104193929.15ed637c.reed@reedloden.com>
Date: Sun, 4 Nov 2012 19:39:29 -0800
From: Reed Loden <reed@...dloden.com>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security@...ts.openwall.com, Steven Christey <coley@...re.org>
Subject: Re: YUI 2.x security issue regarding embedded SWF
 files -- or, How Not To Handle A Security Disclosure

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 04 Nov 2012 17:13:28 -0700
Kurt Seifried <kseifried@...hat.com> wrote:

> > Might want to go ahead and get a CVE assigned to whatever this
> > issue is, and hope more details come out of this soon so YUI 2
> > users can actually get patched instead of having to request access
> > to the fix...
> 
> Have any CVEs been issued for this issue? I can't find any. More to
> the point does this kind of issue (is it a service strictly?) even get
> a CVE? Steve?

YUI is not a service at all. It's a JavaScript helper library, similar
to jQuery, MooTools, Dojo, etc. CVEs have been assigned to YUI before
(CVE-2010-4207, CVE-2010-4710).

~reed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlCXNPEACgkQa6IiJvPDPVrOlQCfZ29qgEKP8cq3a080FLz273s/
FikAoInve8JzkimHW4Exa2fbAHTu/tNT
=nEQQ
-----END PGP SIGNATURE-----
