oss-sec mailing list archives
Re: jar, fastjar directory traversal vulnerabilities
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 8 Jun 2010 14:51:35 -0600
* [2010-06-08 16:01:30 -0400] Steven M. Christey wrote:
On Tue, 8 Jun 2010, Vincent Danen wrote:What makes things worse is that it doesn't look like CVE-2005-1080 was ever fixed. So I'm not sure if this "new" jar issue needs a new CVE name, or if it would be covered under CVE-2005-1080 (since nothing ever claimed to fix this directory traversal vulnerability in jar).If a bug appears in versions X and Y, and there is no evidence that a fix was ever applied between versions X and Y, then the original CVE's description is simply updated.
Awesome, thanks for the clarification. --Vincent Danen / Red Hat Security Response Team
Current thread:
- jar, fastjar directory traversal vulnerabilities Vincent Danen (Jun 08)
- Re: jar, fastjar directory traversal vulnerabilities Steven M. Christey (Jun 08)
- Re: jar, fastjar directory traversal vulnerabilities Vincent Danen (Jun 08)
- Re: jar, fastjar directory traversal vulnerabilities Steven M. Christey (Jun 08)