On Sun, Aug 16, 2009 at 11:19 AM, xor <xor at gmx.li> wrote:
> On Sunday 16 August 2009 17:50:21 Ian Clarke wrote:
>>
>> Can't we use a 3rd party XML parsing library to get around this
>> vulnerability?
>
> We should rather nag Sun or the responsible Mac people (I don't know whether
> they have package management and just not upgraded the package yet or whether
> Sun did not deploy a new version?) to fix the issue, it is a shame that a
> remotely exploitable bug is not fixed for weeks.

Unfortunately Apple is responsible for the JRE on OSX and they are
notorious for neglecting it, and leaving unpatched vulnerabilities
open for months, even years :-(

> It's not our job, and switching to other libraries would be a major amount of
> work I guess.

Well, it may not be our fault, but it is our problem if Mac users are
either vulnerable, or can't get full use of Freenet and get scary
messages on the fproxy front page.

Ian.

--
Ian Clarke
CEO, Uprizer Labs
Email: ian at uprizer.com
Ph: +1 512 422 3588
Fax: +1 512 276 6674
