[EMAIL PROTECTED] wrote: > > Hi everyone > > I am going to delay the release of my exploit by another week as > there are 2 OpenID servers which have not patched this > vulnerability yet. >
I note that the Net::OpenID Perl libraries maintained by Brad Fitzpatrick and used on LiveJournal have not been patched yet. Does this vulnerability affect LiveJournal's implementation? If so, have you already informed Brad? I may also be able to prepare and commit a patch for those libraries myself if you disclose the flaw to me privately. _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
