oss-sec mailing list archives
Re: CVE request : client-side file creation via XSLT in Webkit
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Mon, 9 May 2011 15:26:01 -0400 (EDT)
Nicolas,After deeper investigation, this appears to be CVE-2011-1425, which was requested by you and assigned on March 14 (hopefully with email notification to you), and published through CVE on April 2 or 3 after an xmlsec announcement http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
CVE-2011-1425 points to both changeset 79159 and Webkit bug 52688.Are you talking about a different XSLT file-overwrite issue than CVE-2011-1425?
- Steve On Mon, 9 May 2011, Nicolas Gr�goire wrote:
The bug was opened on January 18 : https://bugs.webkit.org/show_bug.cgi?id=52688 (restricted) A patch is available since February 20 : http://trac.webkit.org/changeset/79159 (public) Given some recent mail exchanges with Apple, they still not have affected a CVE to this issue. Could you please allocate one, in order for me to have an easier job communicating with the numerous impacted vendors (many Linux distributions, RIM, Maxthon, ...) ? Regards, Nicolas Grégoire
Current thread:
- CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Josh Bressers (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Steven M. Christey (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Deb Mazurek (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Steven M. Christey (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Steven M. Christey (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 11)
- Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 17)
- Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 23)
- Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 11)
- Re: CVE request : client-side file creation via XSLT in Webkit Josh Bressers (May 09)