incubator-wink-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Rheinheimer <r...@apache.org>
Subject Re: [Important] Wink security advisory CVE-2010-2245
Date Tue, 06 Jul 2010 21:08:06 GMT
Ok, all is well now.  Sorry for the multiple emails and SVN commits.
OpenOffice and I are no longer on speaking terms, unless I get some
flowers and a written apology.

mike


On Tue, Jul 6, 2010 at 3:44 PM, Mike Rheinheimer <rott@apache.org> wrote:
> Yeah, something got messed up.  I'll get a new version uploaded.
>
> mike
>
>
> On Tue, Jul 6, 2010 at 3:29 PM, Jason Dillon <jason@planet57.com> wrote:
>> Thanks, but... is it just me or is there content missing in the PDF?
>>
>> --jason
>>
>>
>> On Jul 6, 2010, at 1:20 PM, Mike Rheinheimer wrote:
>>
>>> Ok, changed it to PDF.  Thanks.
>>>
>>> https://svn.apache.org/repos/asf/incubator/wink/trunk/security/CVE-2010-2245.pdf
>>>
>>> mike
>>>
>>> On Tue, Jul 6, 2010 at 1:59 PM, Jason Dillon <jason@planet57.com> wrote:
>>>> The docx format is not very friendly to share these details... PDF, HTML
or even plain text would be much better IMO.
>>>>
>>>> --jason
>>>>
>>>>
>>>> On Jul 6, 2010, at 9:46 AM, Mike Rheinheimer wrote:
>>>>
>>>>> The Wink team recently discovered a security issue that may allow an
>>>>> attacker to carry out denial of service attacks and to read arbitrary
>>>>> files on the file system of the node where Wink runs.  Details of the
>>>>> vulnerability are described in the following advisory:
>>>>>
>>>>> https://svn.apache.org/repos/asf/incubator/wink/trunk/security/CVE-2010-2245.docx
>>>>>
>>>>> This vulnerability may potentially be exploited on any Wink
>>>>> installation that receives XML messages from untrusted sources. We
>>>>> strongly recommend to all users who manage this type of installation
>>>>> to follow the instructions in the above advisory in order to mitigate
>>>>> the security risk caused by this vulnerability.
>>>>>
>>>>> -- The Wink team
>>>>
>>>>
>>
>>
>

Mime
View raw message