Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure
From: Reed Loden <reed () reedloden com>
Date: Sun, 4 Nov 2012 19:39:29 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 04 Nov 2012 17:13:28 -0700
Kurt Seifried <kseifried () redhat com> wrote:

Might want to go ahead and get a CVE assigned to whatever this
issue is, and hope more details come out of this soon so YUI 2
users can actually get patched instead of having to request access
to the fix...

Have any CVE's been issued for this issue? I can't find any. More to
the point does this kind of issue (is it a service strictly?) even get
a CVE? Steve?

YUI is not a service at all. It's a JavaScript helper library, similar
to jQuery, Mootools, Dojo, etc. CVEs have been assigned to YUI before
(CVE-2010-4207, CVE-2010-4710).

~reed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlCXNPEACgkQa6IiJvPDPVrOlQCfZ29qgEKP8cq3a080FLz273s/
FikAoInve8JzkimHW4Exa2fbAHTu/tNT
=nEQQ
-----END PGP SIGNATURE-----

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault