oss-sec mailing list archives
Re: CVE request : client-side file creation via XSLT in Webkit
From: Josh Bressers <bressers () redhat com>
Date: Mon, 9 May 2011 14:29:43 -0400 (EDT)
----- Original Message -----
The bug was opened on January 18 : https://bugs.webkit.org/show_bug.cgi?id=52688 (restricted) A patch is available since February 20 : http://trac.webkit.org/changeset/79159 (public) Given some recent mail exchanges with Apple, they still not have affected a CVE to this issue. Could you please allocate one, in order for me to have an easier job communicating with the numerous impacted vendors (many Linux distributions, RIM, Maxthon, ...) ?
I don't see a CVE id in the upstream bug, so I'll risk assigning an ID. Use CVE-2011-1774 Thanks. -- JB
Current thread:
- CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Josh Bressers (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Steven M. Christey (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Deb Mazurek (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Steven M. Christey (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Steven M. Christey (May 09)
- Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 11)
- Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 17)
- Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 23)
- Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 11)
- Re: CVE request : client-side file creation via XSLT in Webkit Josh Bressers (May 09)