| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200708142214.38148.ismail@pardus.org.tr> Date: Tue, 14 Aug 2007 22:14:37 +0300 From: Ismail Dönmez <ismail@...dus.org.tr> To: bugtraq@...urityfocus.com Cc: Tomcat Developers List <dev@...cat.apache.org>, Christopher Schultz <chris@...istopherschultz.net>, "CERT\(R\) Coordination Center" <cert@...t.org>, full-disclosure@...ts.grok.org.uk, Tomcat Users List <users@...cat.apache.org> Subject: Re: CVE-2007-3382: Handling of cookies containing a ' character On Tuesday 14 August 2007 18:52:22 Christopher Schultz wrote: > Mark, > > Mark Thomas wrote: > > CVE-2007-3382: Handling of cookies containing a ' character > > > > Versions Affected: > > 5.5.0 to 5.5.24 > > Since 5.5.24 isn't yet released, will an upcoming 5.5.24 release include > > a fix for this problem given: > > Mitigation: > > Upgrade to 6.0.14 > > ? Are Tomcat developers being trying to be funny? Suggested fix for a security bug is a version jump? *sigh* /ismail -- Perfect is the enemy of good _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists