Re: XCode 3.1 is out.

  • Subject: Re: XCode 3.1 is out.
  • From: Miguel Arroz <email@hidden>
  • Date: Sun, 13 Jul 2008 00:37:14 +0100

Hi!

  Yap. From the Apple security announcements mail-list:

WebObjects
CVE-ID:  CVE-2008-2318
Available for:  Mac OS X v10.5.x
Impact:  WebObjects session IDs may be disclosed to other web sites
Description:  WebObjects contains an API to generate URLs in HTML
documents via the WOHyperlink dynamic element. When WOHyperlink is
used, it always appends a session ID to the generated URL, even for
absolute URLs. Using WOHyperlink to create URLs that point at other
web sites may result in the disclosure of the current user's session
ID to those sites. This update addresses the issue by appending
session IDs to absolute URLs only when explicitly requested.

I'm still trying to understand this, especially what they mean by "even for absolute URLs".

  Yours

Miguel Arroz

On 2008/07/13, at 00:29, Joe Little wrote:

apparently, there was a security issue in there resolved by this
release. Likely:

5657595	WOHyperlink generates WOSID's on absolute URLs

see http://www.macnn.com/articles/08/07/12/apple.xcode.tools.31/

On Fri, Jul 11, 2008 at 6:09 PM, Pascal Robert <email@hidden> wrote:
And WO 5.4.2 release notes :

      http://support.apple.com/kb/HT1979

Available at the usual place.

https://connect.apple.com

--
Seeya...Q

Quinton Dolan - email@hidden
Gold Coast, QLD, Australia (GMT+10)
Ph: +61 419 729 806



_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


-------------------------------------------------------
Pascal Robert

http://www.macti.ca
http://www.linkedin.com/in/macti

Skype: MacTICanada
AIM/iChat : MacTICanada


http://www.survs.com

Attachment: smime.p7s
Description: S/MIME cryptographic signature
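
A check a maintainer could run over rendered page output to see whether an application shows the behaviour the advisory describes: it lists links to other hosts that carry a session ID in the query string. This is an added example, not part of the original thread and not Apple's code; the `wosid` query key, the host names and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

SESSION_PARAM = "wosid"  # assumption: the session ID travels under this query key


class _LinkCollector(HTMLParser):
    """Collects href/src/action attribute values from rendered HTML."""

    URL_ATTRS = {"href", "src", "action"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.urls.append(value)


def leaked_session_links(html, app_host):
    """Return absolute URLs to hosts other than app_host that carry a session ID."""
    collector = _LinkCollector()
    collector.feed(html)
    leaks = []
    for url in collector.urls:
        parts = urlsplit(url)
        if not parts.netloc:  # relative URL: the request stays on the application
            continue
        if (parts.hostname or "").lower() == app_host.lower():
            continue  # absolute URL, but still the application's own host
        keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
        if SESSION_PARAM in keys:
            leaks.append(url)
    return leaks


# Constructed sample of rendered page output (not taken from a real application).
SAMPLE_HTML = """
<a href="/cgi-bin/WebObjects/Shop.woa/wa/cart?wosid=CONSTRUCTEDSESSIONID">Cart</a>
<a href="http://app.example.com/cgi-bin/WebObjects/Shop.woa/wa/help?wosid=CONSTRUCTEDSESSIONID">Help</a>
<a href="http://partner.example.net/promo?wosid=CONSTRUCTEDSESSIONID">Partner</a>
<a href="//cdn.example.org/banner?id=7&amp;WOSID=CONSTRUCTEDSESSIONID">Banner</a>
<a href="http://partner.example.net/about">About</a>
"""

if __name__ == "__main__":
    for link in leaked_session_links(SAMPLE_HTML, "app.example.com"):
        print("session ID sent to external host:", link)
```

Relative links and absolute links back to the application's own host are ignored; only the two links to other hosts that include the session key are reported.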
