You are viewing a plain text version of this content. The canonical link for it is here.
Posted to j-users@xerces.apache.org by Michael Glavassevich <mr...@ca.ibm.com> on 2009/12/14 14:03:54 UTC
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Hi,
We're planning on having a release (Xerces-J 2.10.0) at the end of the
week. The patch can be easily applied to earlier releases (for those who
need that).
Thanks.
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009 03:51:19 AM:
> I am following up on this issue reported at -
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I see the
> following check-in trunk for XMLScanner.java :
>
> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
>
> which apparently fixes the issue.
>
> Question : Can we have a newer drop of Xerces2 which shall include this
> critical fix ?, the last one is tagged as 2.9.1, which was made
> available 2 years ago.
>
> Thanks,
> -/Pankaj
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Any updates to this release date ?.
Thanks,
-/Pankaj
Michael Glavassevich wrote:
>
> That is a tentative date. Give or take a few days. There are still
> some loose ends to take care of and can take some time for the
> published build to propagate on to the mirror download sites.
>
> Thanks.
>
> Michael Glavassevich
> XML Parser Development
> IBM Toronto Lab
> E-mail: mrglavas@ca.ibm.com
> E-mail: mrglavas@apache.org
>
> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>
> > Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> > today, Friday 18th Dec'2009.
> >
> > Thanks,
> > -/Pankaj Jairath
> >
> > Michael Glavassevich wrote:
> > >
> > > Hi,
> > >
> > > We're planning on having a release (Xerces-J 2.10.0) at the end of
> the
> > > week. The patch can be easily applied to earlier releases (for those
> > > who need that).
> > >
> > > Thanks.
> > >
> > > Michael Glavassevich
> > > XML Parser Development
> > > IBM Toronto Lab
> > > E-mail: mrglavas@ca.ibm.com
> > > E-mail: mrglavas@apache.org
> > >
> > > Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
> 03:51:19 AM:
> > >
> > > > I am following up on this issue reported at -
> > > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
> see
> > > the
> > > > following check-in trunk for XMLScanner.java :
> > > >
> > > > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> > > > xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> > > >
> > > > which apparently fixes the issue.
> > > >
> > > > Question : Can we have a newer drop of Xerces2 which shall
> include this
> > > > critical fix ?, the last one is tagged as 2.9.1, which was made
> > > > available 2 years ago.
> > > >
> > > > Thanks,
> > > > -/Pankaj
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > > > For additional commands, e-mail: j-dev-help@xerces.apache.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > For additional commands, e-mail: j-dev-help@xerces.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Michael Glavassevich <mr...@ca.ibm.com>.
There's not much left to do but it's a matter of finding the time which I
haven't had so far since the new year. It should be soon though.
Thanks.
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
Pankaj Jairath <pj...@yahoo-inc.com> wrote on 01/13/2010 07:52:02 AM:
> Not received any response to this. Could somebody provide the corrected
> dates now ?.
>
> -/Pankaj
>
> Pankaj Jairath wrote:
> > Michael, any updates to this release ?.
> >
> > Thanks,
> > -/Pankaj
> >
> > Pankaj Jairath wrote:
> >
> >> Any updates to this release date ?.
> >>
> >> Thanks,
> >> -/Pankaj
> >>
> >> Michael Glavassevich wrote:
> >>
> >>
> >>> That is a tentative date. Give or take a few days. There are still
> >>> some loose ends to take care of and can take some time for the
> >>> published build to propagate on to the mirror download sites.
> >>>
> >>> Thanks.
> >>>
> >>> Michael Glavassevich
> >>> XML Parser Development
> >>> IBM Toronto Lab
> >>> E-mail: mrglavas@ca.ibm.com
> >>> E-mail: mrglavas@apache.org
> >>>
> >>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31
PM:
> >>>
> >>>
> >>>
> >>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> >>>> today, Friday 18th Dec'2009.
> >>>>
> >>>> Thanks,
> >>>> -/Pankaj Jairath
> >>>>
> >>>> Michael Glavassevich wrote:
> >>>>
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
> >>>>>
> >>>>>
> >>> the
> >>>
> >>>
> >>>>> week. The patch can be easily applied to earlier releases (for
those
> >>>>> who need that).
> >>>>>
> >>>>> Thanks.
> >>>>>
> >>>>> Michael Glavassevich
> >>>>> XML Parser Development
> >>>>> IBM Toronto Lab
> >>>>> E-mail: mrglavas@ca.ibm.com
> >>>>> E-mail: mrglavas@apache.org
> >>>>>
> >>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
> >>>>>
> >>>>>
> >>> 03:51:19 AM:
> >>>
> >>>
> >>>>>> I am following up on this issue reported at -
> >>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
> >>>>>>
> >>>>>>
> >>> see
> >>>
> >>>
> >>>>> the
> >>>>>
> >>>>>
> >>>>>> following check-in trunk for XMLScanner.java :
> >>>>>>
> >>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> >>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> >>>>>>
> >>>>>> which apparently fixes the issue.
> >>>>>>
> >>>>>> Question : Can we have a newer drop of Xerces2 which shall
> >>>>>>
> >>>>>>
> >>> include this
> >>>
> >>>
> >>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
> >>>>>> available 2 years ago.
> >>>>>>
> >>>>>> Thanks,
> >>>>>> -/Pankaj
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>> ---------------------------------------------------------------------
> >>>
> >>>
> >>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
> >>>>>>
> >>>>>>
> >>>>
---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
> >>>>
> >>>>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >> For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Michael Glavassevich <mr...@ca.ibm.com>.
There's not much left to do but it's a matter of finding the time which I
haven't had so far since the new year. It should be soon though.
Thanks.
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
Pankaj Jairath <pj...@yahoo-inc.com> wrote on 01/13/2010 07:52:02 AM:
> Not received any response to this. Could somebody provide the corrected
> dates now ?.
>
> -/Pankaj
>
> Pankaj Jairath wrote:
> > Michael, any updates to this release ?.
> >
> > Thanks,
> > -/Pankaj
> >
> > Pankaj Jairath wrote:
> >
> >> Any updates to this release date ?.
> >>
> >> Thanks,
> >> -/Pankaj
> >>
> >> Michael Glavassevich wrote:
> >>
> >>
> >>> That is a tentative date. Give or take a few days. There are still
> >>> some loose ends to take care of and can take some time for the
> >>> published build to propagate on to the mirror download sites.
> >>>
> >>> Thanks.
> >>>
> >>> Michael Glavassevich
> >>> XML Parser Development
> >>> IBM Toronto Lab
> >>> E-mail: mrglavas@ca.ibm.com
> >>> E-mail: mrglavas@apache.org
> >>>
> >>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31
PM:
> >>>
> >>>
> >>>
> >>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> >>>> today, Friday 18th Dec'2009.
> >>>>
> >>>> Thanks,
> >>>> -/Pankaj Jairath
> >>>>
> >>>> Michael Glavassevich wrote:
> >>>>
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
> >>>>>
> >>>>>
> >>> the
> >>>
> >>>
> >>>>> week. The patch can be easily applied to earlier releases (for
those
> >>>>> who need that).
> >>>>>
> >>>>> Thanks.
> >>>>>
> >>>>> Michael Glavassevich
> >>>>> XML Parser Development
> >>>>> IBM Toronto Lab
> >>>>> E-mail: mrglavas@ca.ibm.com
> >>>>> E-mail: mrglavas@apache.org
> >>>>>
> >>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
> >>>>>
> >>>>>
> >>> 03:51:19 AM:
> >>>
> >>>
> >>>>>> I am following up on this issue reported at -
> >>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
> >>>>>>
> >>>>>>
> >>> see
> >>>
> >>>
> >>>>> the
> >>>>>
> >>>>>
> >>>>>> following check-in trunk for XMLScanner.java :
> >>>>>>
> >>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> >>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> >>>>>>
> >>>>>> which apparently fixes the issue.
> >>>>>>
> >>>>>> Question : Can we have a newer drop of Xerces2 which shall
> >>>>>>
> >>>>>>
> >>> include this
> >>>
> >>>
> >>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
> >>>>>> available 2 years ago.
> >>>>>>
> >>>>>> Thanks,
> >>>>>> -/Pankaj
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>> ---------------------------------------------------------------------
> >>>
> >>>
> >>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
> >>>>>>
> >>>>>>
> >>>>
---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
> >>>>
> >>>>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >> For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Not received any response to this. Could somebody provide the corrected
dates now ?.
-/Pankaj
Pankaj Jairath wrote:
> Michael, any updates to this release ?.
>
> Thanks,
> -/Pankaj
>
> Pankaj Jairath wrote:
>
>> Any updates to this release date ?.
>>
>> Thanks,
>> -/Pankaj
>>
>> Michael Glavassevich wrote:
>>
>>
>>> That is a tentative date. Give or take a few days. There are still
>>> some loose ends to take care of and can take some time for the
>>> published build to propagate on to the mirror download sites.
>>>
>>> Thanks.
>>>
>>> Michael Glavassevich
>>> XML Parser Development
>>> IBM Toronto Lab
>>> E-mail: mrglavas@ca.ibm.com
>>> E-mail: mrglavas@apache.org
>>>
>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>>>
>>>
>>>
>>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
>>>> today, Friday 18th Dec'2009.
>>>>
>>>> Thanks,
>>>> -/Pankaj Jairath
>>>>
>>>> Michael Glavassevich wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
>>>>>
>>>>>
>>> the
>>>
>>>
>>>>> week. The patch can be easily applied to earlier releases (for those
>>>>> who need that).
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Michael Glavassevich
>>>>> XML Parser Development
>>>>> IBM Toronto Lab
>>>>> E-mail: mrglavas@ca.ibm.com
>>>>> E-mail: mrglavas@apache.org
>>>>>
>>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
>>>>>
>>>>>
>>> 03:51:19 AM:
>>>
>>>
>>>>>> I am following up on this issue reported at -
>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
>>>>>>
>>>>>>
>>> see
>>>
>>>
>>>>> the
>>>>>
>>>>>
>>>>>> following check-in trunk for XMLScanner.java :
>>>>>>
>>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
>>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
>>>>>>
>>>>>> which apparently fixes the issue.
>>>>>>
>>>>>> Question : Can we have a newer drop of Xerces2 which shall
>>>>>>
>>>>>>
>>> include this
>>>
>>>
>>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
>>>>>> available 2 years ago.
>>>>>>
>>>>>> Thanks,
>>>>>> -/Pankaj
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>> ---------------------------------------------------------------------
>>>
>>>
>>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>>>
>>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>
>>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>
>>
>>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-users-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-users-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Not received any response to this. Could somebody provide the corrected
dates now ?.
-/Pankaj
Pankaj Jairath wrote:
> Michael, any updates to this release ?.
>
> Thanks,
> -/Pankaj
>
> Pankaj Jairath wrote:
>
>> Any updates to this release date ?.
>>
>> Thanks,
>> -/Pankaj
>>
>> Michael Glavassevich wrote:
>>
>>
>>> That is a tentative date. Give or take a few days. There are still
>>> some loose ends to take care of and can take some time for the
>>> published build to propagate on to the mirror download sites.
>>>
>>> Thanks.
>>>
>>> Michael Glavassevich
>>> XML Parser Development
>>> IBM Toronto Lab
>>> E-mail: mrglavas@ca.ibm.com
>>> E-mail: mrglavas@apache.org
>>>
>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>>>
>>>
>>>
>>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
>>>> today, Friday 18th Dec'2009.
>>>>
>>>> Thanks,
>>>> -/Pankaj Jairath
>>>>
>>>> Michael Glavassevich wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
>>>>>
>>>>>
>>> the
>>>
>>>
>>>>> week. The patch can be easily applied to earlier releases (for those
>>>>> who need that).
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Michael Glavassevich
>>>>> XML Parser Development
>>>>> IBM Toronto Lab
>>>>> E-mail: mrglavas@ca.ibm.com
>>>>> E-mail: mrglavas@apache.org
>>>>>
>>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
>>>>>
>>>>>
>>> 03:51:19 AM:
>>>
>>>
>>>>>> I am following up on this issue reported at -
>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
>>>>>>
>>>>>>
>>> see
>>>
>>>
>>>>> the
>>>>>
>>>>>
>>>>>> following check-in trunk for XMLScanner.java :
>>>>>>
>>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
>>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
>>>>>>
>>>>>> which apparently fixes the issue.
>>>>>>
>>>>>> Question : Can we have a newer drop of Xerces2 which shall
>>>>>>
>>>>>>
>>> include this
>>>
>>>
>>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
>>>>>> available 2 years ago.
>>>>>>
>>>>>> Thanks,
>>>>>> -/Pankaj
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>> ---------------------------------------------------------------------
>>>
>>>
>>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>>>
>>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>
>>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>
>>
>>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Michael, any updates to this release ?.
Thanks,
-/Pankaj
Pankaj Jairath wrote:
> Any updates to this release date ?.
>
> Thanks,
> -/Pankaj
>
> Michael Glavassevich wrote:
>
>> That is a tentative date. Give or take a few days. There are still
>> some loose ends to take care of and can take some time for the
>> published build to propagate on to the mirror download sites.
>>
>> Thanks.
>>
>> Michael Glavassevich
>> XML Parser Development
>> IBM Toronto Lab
>> E-mail: mrglavas@ca.ibm.com
>> E-mail: mrglavas@apache.org
>>
>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>>
>>
>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
>>> today, Friday 18th Dec'2009.
>>>
>>> Thanks,
>>> -/Pankaj Jairath
>>>
>>> Michael Glavassevich wrote:
>>>
>>>> Hi,
>>>>
>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
>>>>
>> the
>>
>>>> week. The patch can be easily applied to earlier releases (for those
>>>> who need that).
>>>>
>>>> Thanks.
>>>>
>>>> Michael Glavassevich
>>>> XML Parser Development
>>>> IBM Toronto Lab
>>>> E-mail: mrglavas@ca.ibm.com
>>>> E-mail: mrglavas@apache.org
>>>>
>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
>>>>
>> 03:51:19 AM:
>>
>>>>> I am following up on this issue reported at -
>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
>>>>>
>> see
>>
>>>> the
>>>>
>>>>> following check-in trunk for XMLScanner.java :
>>>>>
>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
>>>>>
>>>>> which apparently fixes the issue.
>>>>>
>>>>> Question : Can we have a newer drop of Xerces2 which shall
>>>>>
>> include this
>>
>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
>>>>> available 2 years ago.
>>>>>
>>>>> Thanks,
>>>>> -/Pankaj
>>>>>
>>>>>
>>>>>
>>>>>
>> ---------------------------------------------------------------------
>>
>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> For additional commands, e-mail: j-dev-help@xerces.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Michael, any updates to this release ?.
Thanks,
-/Pankaj
Pankaj Jairath wrote:
> Any updates to this release date ?.
>
> Thanks,
> -/Pankaj
>
> Michael Glavassevich wrote:
>
>> That is a tentative date. Give or take a few days. There are still
>> some loose ends to take care of and can take some time for the
>> published build to propagate on to the mirror download sites.
>>
>> Thanks.
>>
>> Michael Glavassevich
>> XML Parser Development
>> IBM Toronto Lab
>> E-mail: mrglavas@ca.ibm.com
>> E-mail: mrglavas@apache.org
>>
>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>>
>>
>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
>>> today, Friday 18th Dec'2009.
>>>
>>> Thanks,
>>> -/Pankaj Jairath
>>>
>>> Michael Glavassevich wrote:
>>>
>>>> Hi,
>>>>
>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
>>>>
>> the
>>
>>>> week. The patch can be easily applied to earlier releases (for those
>>>> who need that).
>>>>
>>>> Thanks.
>>>>
>>>> Michael Glavassevich
>>>> XML Parser Development
>>>> IBM Toronto Lab
>>>> E-mail: mrglavas@ca.ibm.com
>>>> E-mail: mrglavas@apache.org
>>>>
>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
>>>>
>> 03:51:19 AM:
>>
>>>>> I am following up on this issue reported at -
>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
>>>>>
>> see
>>
>>>> the
>>>>
>>>>> following check-in trunk for XMLScanner.java :
>>>>>
>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
>>>>>
>>>>> which apparently fixes the issue.
>>>>>
>>>>> Question : Can we have a newer drop of Xerces2 which shall
>>>>>
>> include this
>>
>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
>>>>> available 2 years ago.
>>>>>
>>>>> Thanks,
>>>>> -/Pankaj
>>>>>
>>>>>
>>>>>
>>>>>
>> ---------------------------------------------------------------------
>>
>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> For additional commands, e-mail: j-dev-help@xerces.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-users-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-users-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Any updates to this release date ?.
Thanks,
-/Pankaj
Michael Glavassevich wrote:
>
> That is a tentative date. Give or take a few days. There are still
> some loose ends to take care of and can take some time for the
> published build to propagate on to the mirror download sites.
>
> Thanks.
>
> Michael Glavassevich
> XML Parser Development
> IBM Toronto Lab
> E-mail: mrglavas@ca.ibm.com
> E-mail: mrglavas@apache.org
>
> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>
> > Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> > today, Friday 18th Dec'2009.
> >
> > Thanks,
> > -/Pankaj Jairath
> >
> > Michael Glavassevich wrote:
> > >
> > > Hi,
> > >
> > > We're planning on having a release (Xerces-J 2.10.0) at the end of
> the
> > > week. The patch can be easily applied to earlier releases (for those
> > > who need that).
> > >
> > > Thanks.
> > >
> > > Michael Glavassevich
> > > XML Parser Development
> > > IBM Toronto Lab
> > > E-mail: mrglavas@ca.ibm.com
> > > E-mail: mrglavas@apache.org
> > >
> > > Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
> 03:51:19 AM:
> > >
> > > > I am following up on this issue reported at -
> > > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
> see
> > > the
> > > > following check-in trunk for XMLScanner.java :
> > > >
> > > > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> > > > xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> > > >
> > > > which apparently fixes the issue.
> > > >
> > > > Question : Can we have a newer drop of Xerces2 which shall
> include this
> > > > critical fix ?, the last one is tagged as 2.9.1, which was made
> > > > available 2 years ago.
> > > >
> > > > Thanks,
> > > > -/Pankaj
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > > > For additional commands, e-mail: j-dev-help@xerces.apache.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > For additional commands, e-mail: j-dev-help@xerces.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Any updates to this release date ?.
Thanks,
-/Pankaj
Michael Glavassevich wrote:
>
> That is a tentative date. Give or take a few days. There are still
> some loose ends to take care of and can take some time for the
> published build to propagate on to the mirror download sites.
>
> Thanks.
>
> Michael Glavassevich
> XML Parser Development
> IBM Toronto Lab
> E-mail: mrglavas@ca.ibm.com
> E-mail: mrglavas@apache.org
>
> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>
> > Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> > today, Friday 18th Dec'2009.
> >
> > Thanks,
> > -/Pankaj Jairath
> >
> > Michael Glavassevich wrote:
> > >
> > > Hi,
> > >
> > > We're planning on having a release (Xerces-J 2.10.0) at the end of
> the
> > > week. The patch can be easily applied to earlier releases (for those
> > > who need that).
> > >
> > > Thanks.
> > >
> > > Michael Glavassevich
> > > XML Parser Development
> > > IBM Toronto Lab
> > > E-mail: mrglavas@ca.ibm.com
> > > E-mail: mrglavas@apache.org
> > >
> > > Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
> 03:51:19 AM:
> > >
> > > > I am following up on this issue reported at -
> > > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
> see
> > > the
> > > > following check-in trunk for XMLScanner.java :
> > > >
> > > > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> > > > xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> > > >
> > > > which apparently fixes the issue.
> > > >
> > > > Question : Can we have a newer drop of Xerces2 which shall
> include this
> > > > critical fix ?, the last one is tagged as 2.9.1, which was made
> > > > available 2 years ago.
> > > >
> > > > Thanks,
> > > > -/Pankaj
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > > > For additional commands, e-mail: j-dev-help@xerces.apache.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > For additional commands, e-mail: j-dev-help@xerces.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-users-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-users-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Any updates to this release date ?.
Thanks,
-/Pankaj
Michael Glavassevich wrote:
>
> That is a tentative date. Give or take a few days. There are still
> some loose ends to take care of and can take some time for the
> published build to propagate on to the mirror download sites.
>
> Thanks.
>
> Michael Glavassevich
> XML Parser Development
> IBM Toronto Lab
> E-mail: mrglavas@ca.ibm.com
> E-mail: mrglavas@apache.org
>
> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>
> > Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> > today, Friday 18th Dec'2009.
> >
> > Thanks,
> > -/Pankaj Jairath
> >
> > Michael Glavassevich wrote:
> > >
> > > Hi,
> > >
> > > We're planning on having a release (Xerces-J 2.10.0) at the end of
> the
> > > week. The patch can be easily applied to earlier releases (for those
> > > who need that).
> > >
> > > Thanks.
> > >
> > > Michael Glavassevich
> > > XML Parser Development
> > > IBM Toronto Lab
> > > E-mail: mrglavas@ca.ibm.com
> > > E-mail: mrglavas@apache.org
> > >
> > > Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
> 03:51:19 AM:
> > >
> > > > I am following up on this issue reported at -
> > > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
> see
> > > the
> > > > following check-in trunk for XMLScanner.java :
> > > >
> > > > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> > > > xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> > > >
> > > > which apparently fixes the issue.
> > > >
> > > > Question : Can we have a newer drop of Xerces2 which shall
> include this
> > > > critical fix ?, the last one is tagged as 2.9.1, which was made
> > > > available 2 years ago.
> > > >
> > > > Thanks,
> > > > -/Pankaj
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > > > For additional commands, e-mail: j-dev-help@xerces.apache.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > For additional commands, e-mail: j-dev-help@xerces.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-users-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-users-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Michael Glavassevich <mr...@ca.ibm.com>.
That is a tentative date. Give or take a few days. There are still some
loose ends to take care of and can take some time for the published build
to propagate on to the mirror download sites.
Thanks.
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> today, Friday 18th Dec'2009.
>
> Thanks,
> -/Pankaj Jairath
>
> Michael Glavassevich wrote:
> >
> > Hi,
> >
> > We're planning on having a release (Xerces-J 2.10.0) at the end of the
> > week. The patch can be easily applied to earlier releases (for those
> > who need that).
> >
> > Thanks.
> >
> > Michael Glavassevich
> > XML Parser Development
> > IBM Toronto Lab
> > E-mail: mrglavas@ca.ibm.com
> > E-mail: mrglavas@apache.org
> >
> > Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009 03:51:19
AM:
> >
> > > I am following up on this issue reported at -
> > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I see
> > the
> > > following check-in trunk for XMLScanner.java :
> > >
> > > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> > > xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> > >
> > > which apparently fixes the issue.
> > >
> > > Question : Can we have a newer drop of Xerces2 which shall include
this
> > > critical fix ?, the last one is tagged as 2.9.1, which was made
> > > available 2 years ago.
> > >
> > > Thanks,
> > > -/Pankaj
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > > For additional commands, e-mail: j-dev-help@xerces.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Michael Glavassevich <mr...@ca.ibm.com>.
That is a tentative date. Give or take a few days. There are still some
loose ends to take care of and can take some time for the published build
to propagate on to the mirror download sites.
Thanks.
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> today, Friday 18th Dec'2009.
>
> Thanks,
> -/Pankaj Jairath
>
> Michael Glavassevich wrote:
> >
> > Hi,
> >
> > We're planning on having a release (Xerces-J 2.10.0) at the end of the
> > week. The patch can be easily applied to earlier releases (for those
> > who need that).
> >
> > Thanks.
> >
> > Michael Glavassevich
> > XML Parser Development
> > IBM Toronto Lab
> > E-mail: mrglavas@ca.ibm.com
> > E-mail: mrglavas@apache.org
> >
> > Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009 03:51:19
AM:
> >
> > > I am following up on this issue reported at -
> > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I see
> > the
> > > following check-in trunk for XMLScanner.java :
> > >
> > > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> > > xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> > >
> > > which apparently fixes the issue.
> > >
> > > Question : Can we have a newer drop of Xerces2 which shall include
this
> > > critical fix ?, the last one is tagged as 2.9.1, which was made
> > > available 2 years ago.
> > >
> > > Thanks,
> > > -/Pankaj
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > > For additional commands, e-mail: j-dev-help@xerces.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
today, Friday 18th Dec'2009.
Thanks,
-/Pankaj Jairath
Michael Glavassevich wrote:
>
> Hi,
>
> We're planning on having a release (Xerces-J 2.10.0) at the end of the
> week. The patch can be easily applied to earlier releases (for those
> who need that).
>
> Thanks.
>
> Michael Glavassevich
> XML Parser Development
> IBM Toronto Lab
> E-mail: mrglavas@ca.ibm.com
> E-mail: mrglavas@apache.org
>
> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009 03:51:19 AM:
>
> > I am following up on this issue reported at -
> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I see
> the
> > following check-in trunk for XMLScanner.java :
> >
> > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> > xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> >
> > which apparently fixes the issue.
> >
> > Question : Can we have a newer drop of Xerces2 which shall include this
> > critical fix ?, the last one is tagged as 2.9.1, which was made
> > available 2 years ago.
> >
> > Thanks,
> > -/Pankaj
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > For additional commands, e-mail: j-dev-help@xerces.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-users-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-users-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
today, Friday 18th Dec'2009.
Thanks,
-/Pankaj Jairath
Michael Glavassevich wrote:
>
> Hi,
>
> We're planning on having a release (Xerces-J 2.10.0) at the end of the
> week. The patch can be easily applied to earlier releases (for those
> who need that).
>
> Thanks.
>
> Michael Glavassevich
> XML Parser Development
> IBM Toronto Lab
> E-mail: mrglavas@ca.ibm.com
> E-mail: mrglavas@apache.org
>
> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009 03:51:19 AM:
>
> > I am following up on this issue reported at -
> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I see
> the
> > following check-in trunk for XMLScanner.java :
> >
> > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> > xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> >
> > which apparently fixes the issue.
> >
> > Question : Can we have a newer drop of Xerces2 which shall include this
> > critical fix ?, the last one is tagged as 2.9.1, which was made
> > available 2 years ago.
> >
> > Thanks,
> > -/Pankaj
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> > For additional commands, e-mail: j-dev-help@xerces.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-dev-help@xerces.apache.org