Thanks, but... is it just me or is there content missing in the PDF? --jason
On Jul 6, 2010, at 1:20 PM, Mike Rheinheimer wrote: > Ok, changed it to PDF. Thanks. > > https://svn.apache.org/repos/asf/incubator/wink/trunk/security/CVE-2010-2245.pdf > > mike > > On Tue, Jul 6, 2010 at 1:59 PM, Jason Dillon <[email protected]> wrote: >> The docx format is not very friendly to share these details... PDF, HTML or >> even plain text would be much better IMO. >> >> --jason >> >> >> On Jul 6, 2010, at 9:46 AM, Mike Rheinheimer wrote: >> >>> The Wink team recently discovered a security issue that may allow an >>> attacker to carry out denial of service attacks and to read arbitrary >>> files on the file system of the node where Wink runs. Details of the >>> vulnerability are described in the following advisory: >>> >>> https://svn.apache.org/repos/asf/incubator/wink/trunk/security/CVE-2010-2245.docx >>> >>> This vulnerability may potentially be exploited on any Wink >>> installation that receives XML messages from untrusted sources. We >>> strongly recommend to all users who manage this type of installation >>> to follow the instructions in the above advisory in order to mitigate >>> the security risk caused by this vulnerability. >>> >>> -- The Wink team >> >>
