Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: browser document.cookie DoS vulnerability
From: aaron guzman <aaron23yankees () gmail com>
Date: Fri, 11 Oct 2013 07:25:10 -0700

Google is now paying for patches for apps like Chromium. This was announced
yesterday. Patches are to be sent to security-patches () google com according
to this link here
http://www.tomsguide.com/us/google-software-bounty,news-17676.html


On Thu, Oct 10, 2013 at 10:44 PM, Kurt Seifried <kseifried () redhat com>wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/25/2013 09:42 AM, Kurt Seifried wrote:
On 09/20/2013 09:52 AM, Joel Weinberger wrote:
Just an FYI, we have fixed this in tip of the tree Chromium:
https://src.chromium.org/viewvc/chrome?revision=224268&view=revision



https://code.google.com/p/chromium/issues/detail?id=238041
--Joel


So I assume Google will not be handling CVE assignments for
chromium?


Ping. Does anyone know if Google is acting as the CNA for Chromium? I
assume they are, but I also see no CVE for this.


- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSV5BSAAoJEBYNRVNeJnmTEkMQAJQhHCzOKxhgJELgagAm3O2g
23pSmKNeXh27Px9Dq+RllMM/qN+jETPHQ/59y1l9GE4nMymqeMBBDbK0Ws5q050+
Ay9aZTPr3vleClhmoqyFOZIU+oDlbZ0/IamoM0th9F8r4hjVHbzFVO0GXkTSaGk4
CJKRP3fqli+yX+Wk8twUOXkr4Nr1bg4Ty7LugxeMlHCVrsMo4Lpbv2YcRVg/6x7f
V6x326z9c00txtpKxbP0IgON7qeR7BBkPDgbf6APFcWSp/TSZIeXk2y/xgMVXiMd
3IJt6HeKqhLzb35PlHeZJrcJjKlUHkrZniY61Ig3gc/GviwgegFuAwP3O9kUDxvc
GYS6t7bUfJ/Mhwaki4tAW5JeYc6WV3zhCU31UeJmr/tqNJfunI6uxASQnW0IzzVf
eS5AV20nHJn6PtJTB54jxw4EuYDvzpXor+9WB5KP76z+wgZhUjitHR4PHDHUIeyY
jc9nJ7EOs2aqj1k7UGd1STRDE2xG0Rki37Yvf7oPIPulGLjHmPxL6kKCpSTt+pIM
OaOomM1uZSSejG8BMWXZ4vNTzc0yFUN1C2h226E2i2Q5CykCdENIOXLXjFASfPQR
aVS+IvRrYFy7+9DjAXU3vK2uoW9vnDUoidSkd76jToCinfkJ6uAYUhH23RJBB1Xe
/oZA/ZljHxv2mqbc/XMM
=XRg2
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]