[Mono-bugs] [Bug 413534] VUL-0: Mono ASP.NET class library has potential XSS problem

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Thu Jul 31 07:43:08 EDT 2008


https://bugzilla.novell.com/show_bug.cgi?id=413534

User meissner at novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=413534#c2





--- Comment #2 from Marcus Meissner <meissner at novell.com>  2008-07-31 05:43:08 MDT ---
Two ways:

- prepare fixes before hand and have them ready for release when committed
- just commit and get all the fixed packages released afterwards

To decide:
I understand that Microsoft C# ASP.net is also affected, right?
If yes, waiting with disclosure for some time and perhaps coordinate to
some degree with MS might be appropriate.

If MS has a CVE for this issue, we can use also use it for Mono ASP.net,
otherwise we can get a own CVE entry.

=> wait for MS feedback for some days (I suggest until next week).


-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.


More information about the mono-bugs mailing list