List: oss-security
Subject: Re: [oss-security] CVE Request: XXE vulnerability in Restlet
From: Nicolas Grégoire <nicolas.gregoire () agarri ! fr>
Date: 2012-05-29 19:20:22
Message-ID: 1338319222.16666.294.camel () new-desktop
> Please use CVE-2012-2656 for this issue.
Thanks !
> Also is there a specific source file/etc that contains the fix?
The changelog refers to this change:
https://github.com/restlet/restlet-framework-java/commit/115c17c1f9aab4bd431ae44a36741b86be4c5f53
However, this one (safer default values for options like
"secureProcessing" and "expandingEntityRefs") seems much more relevant:
https://github.com/restlet/restlet-framework-java/commit/ec692bd3b5e386261413210191b179fec22b6cd2
By the way, credits are wrong (I'm the original reporter) and should be
fixed soon.
Nicolas