On Wed, Sep 23, 2009 at 5:43 PM, Waqas Hussain <[email protected]> wrote:
> That hack slightly reduces the attack surface, but does not eliminate it. If > any of the <identity/> element's attributes have a '/' in them, they are > open to attack despite the dummy feature. The thread on the security ML > talks about several related attacks, of which this one is probably the most > minor. > Just realized that I'm many messages behind in that thread, so ignore my previous mail, I'm not adding entropy where there is already plenty ;) -- Fabio Forno, Bluendo srl http://www.bluendo.com jabber id: [email protected]
