That's very curious. The CVE that Adobe references in their release (
CVE-2012-0770 ) doesn't seem to be a valid CVE number, though it comes
up in some google searches. But it isn't in the National Vulnerability
Database or at cvedetails.com
The vulnerability they are describing seems to be the
The vulnerability they are describing seems to be the one described here
From the comment below, I think it is the same issue
http://forums.adobe.com/message/4264032#4264032
-Leigh
~|
Order the Adobe Coldfusion Anthology
Thanks, Leigh, looks like that verifies that it is the same issue. Now
I'm curious why it took Adobe til the middle of March to fix a
vulnerability that everyone else fixed by early January at the latest.
At least it is fixed.
Cheers,
Judah
On Tue, Mar 13, 2012 at 12:29 PM, Leigh
Judah - I was wondering the same thing. When it was first announced, I could
not seem to find any CF specific details. I just assumed it was applicable
because java was vulnerable.
-Leigh
From: Judah McAuley
Sent: Tuesday, March 13, 2012 3:36 PM
Subject: Re: hash collision
Thanks, Leigh
On Tue, Mar 13, 2012 at 8:36 PM, Judah McAuley wrote:
Thanks, Leigh, looks like that verifies that it is the same issue. Now
I'm curious why it took Adobe til the middle of March to fix a
vulnerability that everyone else fixed by early January at the latest.
Just like with their other
On Tue, Mar 13, 2012 at 1:06 PM, Jochem van Dieten joch...@gmail.com wrote:
On Tue, Mar 13, 2012 at 8:36 PM, Judah McAuley wrote:
Thanks, Leigh, looks like that verifies that it is the same issue. Now
I'm curious why it took Adobe til the middle of March to fix a
vulnerability that everyone
6 matches
Mail list logo
