oss-sec mailing list archives
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure
From: Reed Loden <reed () reedloden com>
Date: Sun, 4 Nov 2012 19:39:29 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 04 Nov 2012 17:13:28 -0700 Kurt Seifried <kseifried () redhat com> wrote:
Might want to go ahead and get a CVE assigned to whatever this issue is, and hope more details come out of this soon so YUI 2 users can actually get patched instead of having to request access to the fix...Have any CVE's been issued for this issue? I can't find any. More to the point does this kind of issue (is it a service strictly?) even get a CVE? Steve?
YUI is not a service at all. It's a JavaScript helper library, similar to jQuery, Mootools, Dojo, etc. CVEs have been assigned to YUI before (CVE-2010-4207, CVE-2010-4710). ~reed -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlCXNPEACgkQa6IiJvPDPVrOlQCfZ29qgEKP8cq3a080FLz273s/ FikAoInve8JzkimHW4Exa2fbAHTu/tNT =nEQQ -----END PGP SIGNATURE-----
Current thread:
- YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Reed Loden (Nov 04)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 04)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Reed Loden (Nov 04)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 05)
- RE: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Christey, Steven M. (Nov 05)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Jan Lieskovsky (Nov 06)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 06)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure cve-assign (Nov 16)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 04)