Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <52EF285D.3030103@redhat.com>
Date: Mon, 03 Feb 2014 15:25:49 +1000
From: David Jorm <djorm@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: multiple issues in Apache Cordova/PhoneGap

Multiple issues have been reported in Apache Cordova:

http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt

These issues have been discussed and acknowledged on the Cordova 
development list:

http://callback.markmail.org/message/5kkxyetx2mnywo7q?q=+list:org.apache.incubator.callback-dev&page=3#query:%20list%3Aorg.apache.incubator.callback-dev+page:3+mid:34bp7ejg7yt6dr2z+state:results

These issues also affect PhoneGap, the commercial product built by Adobe 
Systems, which is based on Apache Cordova. However, there is no 
indication that the Adobe CNA has assigned any CVE IDs to these issues. 
Given Apache Cordova is an open source project, I think it is in scope 
for CVE IDs to be assigned on the oss-security list.

Thanks
--
David Jorm / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.