oss-sec mailing list archives
Re: jar, fastjar directory traversal vulnerabilities
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 8 Jun 2010 16:01:30 -0400 (EDT)
On Tue, 8 Jun 2010, Vincent Danen wrote:
What makes things worse is that it doesn't look like CVE-2005-1080 was ever fixed. So I'm not sure if this "new" jar issue needs a new CVE name, or if it would be covered under CVE-2005-1080 (since nothing ever claimed to fix this directory traversal vulnerability in jar).
If a bug appears in versions X and Y, and there is no evidence that a fix was ever applied between versions X and Y, then the original CVE's description is simply updated.
- Steve
Current thread:
- jar, fastjar directory traversal vulnerabilities Vincent Danen (Jun 08)
- Re: jar, fastjar directory traversal vulnerabilities Steven M. Christey (Jun 08)
- Re: jar, fastjar directory traversal vulnerabilities Vincent Danen (Jun 08)
- Re: jar, fastjar directory traversal vulnerabilities Steven M. Christey (Jun 08)