Additional Security issues
Daniel Atallah
daniel.atallah at gmail.com
Tue Feb 5 17:51:07 EST 2013
On Tue, Feb 5, 2013 at 5:37 PM, Mark Doliner <mark at kingant.net> wrote:
> Thanks for sending these out! I'll try to take a look soon.
>
> These aren't public knowledge yet, right? I think I'd still prefer to
> do a release within the next week or so with the two MXit fixes and
> with updated CA certs, and then do another release later and include
> fixes for:
> - these issues
> - yahoo failure to validate utf8
> - possibly fix the pango MS Windows crash with some characters
Correct, they're not public.
I guess it seems preferable to me to have a release that addresses all
known CVEs instead of releasing early to address only a subset and
having yet another follow security release (I'm assuming that at this
point none of these are public).
Is the urgency related to the CA cert?
-D
More information about the security
mailing list