| Summary: | dev-java/sun-javamail-bin MimeMessage Information Disclosure (CAN-2005-1682) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Adir Abraham <adirab> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED CANTFIX | | |
| Severity: | minor | CC: | java |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.securityfocus.com/bid/13683 | | |
| Whiteboard: | B4 [upstream+] | | |
| Package list: | | Runtime testing required: | --- |

Description
Adir Abraham
2005-05-19 14:11:35 UTC
java please advise.

No fix yet from Sun.

1.3.3 is in "early release" stage. Maybe it contains the fixorz.

1.3.3 is out, and apparently the thing wasn't fixed : http://java.sun.com/products/javamail/CHANGES.txt

I think we should close this one as CANTFIX and declare this a feature, not a vulnerability. Servers using JavaMail for implementation can put protections in place to avoid the problem...

Since upstream doesn't consider this a vulnerability, we'll suppose they consider it is a feature to be able to request any messageno as any user, and the task of the API implementer to put additional safeguards if needed. Closing as CANTFIX. Reopen if you disagree.