[prev in list] [next in list] [prev in thread] [next in thread]
List: xerces-j-user
Subject: Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
From: Michael Glavassevich <mrglavas () ca ! ibm ! com>
Date: 2010-01-13 21:46:00
Message-ID: OF9799B0D6.9E6D225D-ON852576AA.00771F54-852576AA.00779210 () ca ! ibm ! com
[Download RAW message or body]
There's not much left to do but it's a matter of finding the time which I
haven't had so far since the new year. It should be soon though.
Thanks.
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
Pankaj Jairath <pjairath@yahoo-inc.com> wrote on 01/13/2010 07:52:02 AM:
> Not received any response to this. Could somebody provide the corrected
> dates now ?.
>
> -/Pankaj
>
> Pankaj Jairath wrote:
> > Michael, any updates to this release ?.
> >
> > Thanks,
> > -/Pankaj
> >
> > Pankaj Jairath wrote:
> >
> >> Any updates to this release date ?.
> >>
> >> Thanks,
> >> -/Pankaj
> >>
> >> Michael Glavassevich wrote:
> >>
> >>
> >>> That is a tentative date. Give or take a few days. There are still
> >>> some loose ends to take care of and can take some time for the
> >>> published build to propagate on to the mirror download sites.
> >>>
> >>> Thanks.
> >>>
> >>> Michael Glavassevich
> >>> XML Parser Development
> >>> IBM Toronto Lab
> >>> E-mail: mrglavas@ca.ibm.com
> >>> E-mail: mrglavas@apache.org
> >>>
> >>> Pankaj Jairath <pjairath@yahoo-inc.com> wrote on 12/17/2009 11:21:31
PM:
> >>>
> >>>
> >>>
> >>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> >>>> today, Friday 18th Dec'2009.
> >>>>
> >>>> Thanks,
> >>>> -/Pankaj Jairath
> >>>>
> >>>> Michael Glavassevich wrote:
> >>>>
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
> >>>>>
> >>>>>
> >>> the
> >>>
> >>>
> >>>>> week. The patch can be easily applied to earlier releases (for
those
> >>>>> who need that).
> >>>>>
> >>>>> Thanks.
> >>>>>
> >>>>> Michael Glavassevich
> >>>>> XML Parser Development
> >>>>> IBM Toronto Lab
> >>>>> E-mail: mrglavas@ca.ibm.com
> >>>>> E-mail: mrglavas@apache.org
> >>>>>
> >>>>> Pankaj Jairath <pjairath@yahoo-inc.com> wrote on 12/14/2009
> >>>>>
> >>>>>
> >>> 03:51:19 AM:
> >>>
> >>>
> >>>>>> I am following up on this issue reported at -
> >>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
> >>>>>>
> >>>>>>
> >>> see
> >>>
> >>>
> >>>>> the
> >>>>>
> >>>>>
> >>>>>> following check-in trunk for XMLScanner.java :
> >>>>>>
> >>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> >>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> >>>>>>
> >>>>>> which apparently fixes the issue.
> >>>>>>
> >>>>>> Question : Can we have a newer drop of Xerces2 which shall
> >>>>>>
> >>>>>>
> >>> include this
> >>>
> >>>
> >>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
> >>>>>> available 2 years ago.
> >>>>>>
> >>>>>> Thanks,
> >>>>>> -/Pankaj
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>> ---------------------------------------------------------------------
> >>>
> >>>
> >>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
> >>>>>>
> >>>>>>
> >>>>
---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
> >>>>
> >>>>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >> For additional commands, e-mail: j-dev-help@xerces.apache.org
[Attachment #3 (text/html)]
<html><body>
<p><tt>There's not much left to do but it's a matter of finding the time which I \
haven't had so far since the new year. It should be soon though.</tt><br> <br>
<tt>Thanks.</tt><br>
<br>
<tt>Michael Glavassevich<br>
XML Parser Development<br>
IBM Toronto Lab<br>
E-mail: mrglavas@ca.ibm.com</tt><br>
<tt>E-mail: mrglavas@apache.org</tt><br>
<br>
<tt>Pankaj Jairath <pjairath@yahoo-inc.com> wrote on 01/13/2010 07:52:02 \
AM:<br> <br>
> Not received any response to this. Could somebody provide the corrected <br>
> dates now ?.<br>
> <br>
> -/Pankaj<br>
> <br>
> Pankaj Jairath wrote:<br>
> > Michael, any updates to this release ?.<br>
> ><br>
> > Thanks,<br>
> > -/Pankaj<br>
> ><br>
> > Pankaj Jairath wrote:<br>
> > <br>
> >> Any updates to this release date ?.<br>
> >><br>
> >> Thanks,<br>
> >> -/Pankaj<br>
> >><br>
> >> Michael Glavassevich wrote:<br>
> >> <br>
> >> <br>
> >>> That is a tentative date. Give or take a few days. There are still \
<br> > >>> some loose ends to take care of and can take some time for the \
<br> > >>> published build to propagate on to the mirror download \
sites.<br> > >>><br>
> >>> Thanks.<br>
> >>><br>
> >>> Michael Glavassevich<br>
> >>> XML Parser Development<br>
> >>> IBM Toronto Lab<br>
> >>> E-mail: mrglavas@ca.ibm.com<br>
> >>> E-mail: mrglavas@apache.org<br>
> >>><br>
> >>> Pankaj Jairath <pjairath@yahoo-inc.com> wrote on 12/17/2009 \
11:21:31 PM:<br> > >>><br>
> >>> <br>
> >>> <br>
> >>>> Hello Michael , Just to confirm we are expecting Xerces-J \
2.10.0 by<br> > >>>> today, Friday 18th Dec'2009.<br>
> >>>><br>
> >>>> Thanks,<br>
> >>>> -/Pankaj Jairath<br>
> >>>><br>
> >>>> Michael Glavassevich wrote:<br>
> >>>> <br>
> >>>> <br>
> >>>>> Hi,<br>
> >>>>><br>
> >>>>> We're planning on having a release (Xerces-J 2.10.0) at the \
end of <br> > >>>>> <br>
> >>>>> <br>
> >>> the<br>
> >>> <br>
> >>> <br>
> >>>>> week. The patch can be easily applied to earlier releases \
(for those<br> > >>>>> who need that).<br>
> >>>>><br>
> >>>>> Thanks.<br>
> >>>>><br>
> >>>>> Michael Glavassevich<br>
> >>>>> XML Parser Development<br>
> >>>>> IBM Toronto Lab<br>
> >>>>> E-mail: mrglavas@ca.ibm.com<br>
> >>>>> E-mail: mrglavas@apache.org<br>
> >>>>><br>
> >>>>> Pankaj Jairath <pjairath@yahoo-inc.com> wrote on \
12/14/2009 <br> > >>>>> <br>
> >>>>> <br>
> >>> 03:51:19 AM:<br>
> >>> <br>
> >>> <br>
> >>>>>> I am following up on this issue reported at -<br>
> >>>>>> <a \
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625</a>. \
I <br> > >>>>>> <br>
> >>>>>> <br>
> >>> see<br>
> >>> <br>
> >>> <br>
> >>>>> the<br>
> >>>>> <br>
> >>>>> <br>
> >>>>>> following check-in trunk for XMLScanner.java :<br>
> >>>>>><br>
> >>>>>> <a \
href="http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/">http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/</a><br>
> >>>>>> \
xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353<br> > \
>>>>>><br> > >>>>>> which apparently fixes the \
issue.<br> > >>>>>><br>
> >>>>>> Question : Can we have a newer drop of Xerces2 which \
shall <br> > >>>>>> <br>
> >>>>>> <br>
> >>> include this<br>
> >>> <br>
> >>> <br>
> >>>>>> critical fix ?, the last one is tagged as 2.9.1, which \
was made<br> > >>>>>> available 2 years ago.<br>
> >>>>>><br>
> >>>>>> Thanks,<br>
> >>>>>> -/Pankaj<br>
> >>>>>><br>
> >>>>>><br>
> >>>>>><br>
> >>>>>> <br>
> >>>>>> <br>
> >>> ---------------------------------------------------------------------<br>
> >>> <br>
> >>> <br>
> >>>>>> To unsubscribe, e-mail: \
j-dev-unsubscribe@xerces.apache.org<br> > >>>>>> For additional \
commands, e-mail: j-dev-help@xerces.apache.org<br> > >>>>>> \
<br> > >>>>>> \
<br> > >>>> \
---------------------------------------------------------------------<br> > \
>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org<br> > \
>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org<br> \
> >>>> <br> > >>>> \
<br> > >> \
---------------------------------------------------------------------<br> > \
>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org<br> > \
>> For additional commands, e-mail: \
j-dev-help@xerces.apache.org</tt></body></html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic