
List:       oss-security
Subject:    Re: [oss-security] CVE Request: XXE vulnerability in Restlet
From:       Nicolas Grégoire <nicolas.gregoire () agarri ! fr>
Date:       2012-05-29 19:20:22
Message-ID: 1338319222.16666.294.camel () new-desktop


> Please use CVE-2012-2656 for this issue.

Thanks!

> Also is there a specific source file/etc that contains the fix?

The changelog refers to this change:
https://github.com/restlet/restlet-framework-java/commit/115c17c1f9aab4bd431ae44a36741b86be4c5f53

However, this one (safer default values for options like
"secureProcessing" and "expandingEntityRefs") seems much more relevant:
https://github.com/restlet/restlet-framework-java/commit/ec692bd3b5e386261413210191b179fec22b6cd2

By the way, credits are wrong (I'm the original reporter) and should be
fixed soon.

Nicolas
