Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20121107071220.GA19837@hunt>
Date: Tue, 6 Nov 2012 23:12:20 -0800
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE Request -- axis2, axis2c

Hello Kurt, Steve, all,

I did not find CVEs for Axis2 or Axis2/c when going through the pile of
CVEs generated from the paper:

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

Axis appeared to get CVE-2012-5784 but it is my understanding that Axis2
and Axis2/c are different codebases and should therefore get their own
CVE entries.

shmat_cccs12.pdf claims Axis2 is vulnerable but silent on Axis2/c.

Has anyone else looked into if Axis2/c is vulnerable? (I gave it a very
cursory inspection.) The project pages are silent on the issue.

Did I overlook these CVE entries?

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.