You are viewing a plain text version of this content. The canonical link for it is here.
Posted to j-users@xerces.apache.org by Pankaj Jairath <pj...@yahoo-inc.com> on 2010/01/12 07:59:16 UTC
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Michael, any updates to this release ?.
Thanks,
-/Pankaj
Pankaj Jairath wrote:
> Any updates to this release date ?.
>
> Thanks,
> -/Pankaj
>
> Michael Glavassevich wrote:
>
>> That is a tentative date. Give or take a few days. There are still
>> some loose ends to take care of and can take some time for the
>> published build to propagate on to the mirror download sites.
>>
>> Thanks.
>>
>> Michael Glavassevich
>> XML Parser Development
>> IBM Toronto Lab
>> E-mail: mrglavas@ca.ibm.com
>> E-mail: mrglavas@apache.org
>>
>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>>
>>
>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
>>> today, Friday 18th Dec'2009.
>>>
>>> Thanks,
>>> -/Pankaj Jairath
>>>
>>> Michael Glavassevich wrote:
>>>
>>>> Hi,
>>>>
>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
>>>>
>> the
>>
>>>> week. The patch can be easily applied to earlier releases (for those
>>>> who need that).
>>>>
>>>> Thanks.
>>>>
>>>> Michael Glavassevich
>>>> XML Parser Development
>>>> IBM Toronto Lab
>>>> E-mail: mrglavas@ca.ibm.com
>>>> E-mail: mrglavas@apache.org
>>>>
>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
>>>>
>> 03:51:19 AM:
>>
>>>>> I am following up on this issue reported at -
>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
>>>>>
>> see
>>
>>>> the
>>>>
>>>>> following check-in trunk for XMLScanner.java :
>>>>>
>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
>>>>>
>>>>> which apparently fixes the issue.
>>>>>
>>>>> Question : Can we have a newer drop of Xerces2 which shall
>>>>>
>> include this
>>
>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
>>>>> available 2 years ago.
>>>>>
>>>>> Thanks,
>>>>> -/Pankaj
>>>>>
>>>>>
>>>>>
>>>>>
>> ---------------------------------------------------------------------
>>
>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> For additional commands, e-mail: j-dev-help@xerces.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-users-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-users-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Michael Glavassevich <mr...@ca.ibm.com>.
There's not much left to do but it's a matter of finding the time which I
haven't had so far since the new year. It should be soon though.
Thanks.
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
Pankaj Jairath <pj...@yahoo-inc.com> wrote on 01/13/2010 07:52:02 AM:
> Not received any response to this. Could somebody provide the corrected
> dates now ?.
>
> -/Pankaj
>
> Pankaj Jairath wrote:
> > Michael, any updates to this release ?.
> >
> > Thanks,
> > -/Pankaj
> >
> > Pankaj Jairath wrote:
> >
> >> Any updates to this release date ?.
> >>
> >> Thanks,
> >> -/Pankaj
> >>
> >> Michael Glavassevich wrote:
> >>
> >>
> >>> That is a tentative date. Give or take a few days. There are still
> >>> some loose ends to take care of and can take some time for the
> >>> published build to propagate on to the mirror download sites.
> >>>
> >>> Thanks.
> >>>
> >>> Michael Glavassevich
> >>> XML Parser Development
> >>> IBM Toronto Lab
> >>> E-mail: mrglavas@ca.ibm.com
> >>> E-mail: mrglavas@apache.org
> >>>
> >>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31
PM:
> >>>
> >>>
> >>>
> >>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> >>>> today, Friday 18th Dec'2009.
> >>>>
> >>>> Thanks,
> >>>> -/Pankaj Jairath
> >>>>
> >>>> Michael Glavassevich wrote:
> >>>>
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
> >>>>>
> >>>>>
> >>> the
> >>>
> >>>
> >>>>> week. The patch can be easily applied to earlier releases (for
those
> >>>>> who need that).
> >>>>>
> >>>>> Thanks.
> >>>>>
> >>>>> Michael Glavassevich
> >>>>> XML Parser Development
> >>>>> IBM Toronto Lab
> >>>>> E-mail: mrglavas@ca.ibm.com
> >>>>> E-mail: mrglavas@apache.org
> >>>>>
> >>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
> >>>>>
> >>>>>
> >>> 03:51:19 AM:
> >>>
> >>>
> >>>>>> I am following up on this issue reported at -
> >>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
> >>>>>>
> >>>>>>
> >>> see
> >>>
> >>>
> >>>>> the
> >>>>>
> >>>>>
> >>>>>> following check-in trunk for XMLScanner.java :
> >>>>>>
> >>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> >>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> >>>>>>
> >>>>>> which apparently fixes the issue.
> >>>>>>
> >>>>>> Question : Can we have a newer drop of Xerces2 which shall
> >>>>>>
> >>>>>>
> >>> include this
> >>>
> >>>
> >>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
> >>>>>> available 2 years ago.
> >>>>>>
> >>>>>> Thanks,
> >>>>>> -/Pankaj
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>> ---------------------------------------------------------------------
> >>>
> >>>
> >>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
> >>>>>>
> >>>>>>
> >>>>
---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
> >>>>
> >>>>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >> For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Michael Glavassevich <mr...@ca.ibm.com>.
There's not much left to do but it's a matter of finding the time which I
haven't had so far since the new year. It should be soon though.
Thanks.
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
Pankaj Jairath <pj...@yahoo-inc.com> wrote on 01/13/2010 07:52:02 AM:
> Not received any response to this. Could somebody provide the corrected
> dates now ?.
>
> -/Pankaj
>
> Pankaj Jairath wrote:
> > Michael, any updates to this release ?.
> >
> > Thanks,
> > -/Pankaj
> >
> > Pankaj Jairath wrote:
> >
> >> Any updates to this release date ?.
> >>
> >> Thanks,
> >> -/Pankaj
> >>
> >> Michael Glavassevich wrote:
> >>
> >>
> >>> That is a tentative date. Give or take a few days. There are still
> >>> some loose ends to take care of and can take some time for the
> >>> published build to propagate on to the mirror download sites.
> >>>
> >>> Thanks.
> >>>
> >>> Michael Glavassevich
> >>> XML Parser Development
> >>> IBM Toronto Lab
> >>> E-mail: mrglavas@ca.ibm.com
> >>> E-mail: mrglavas@apache.org
> >>>
> >>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31
PM:
> >>>
> >>>
> >>>
> >>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
> >>>> today, Friday 18th Dec'2009.
> >>>>
> >>>> Thanks,
> >>>> -/Pankaj Jairath
> >>>>
> >>>> Michael Glavassevich wrote:
> >>>>
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
> >>>>>
> >>>>>
> >>> the
> >>>
> >>>
> >>>>> week. The patch can be easily applied to earlier releases (for
those
> >>>>> who need that).
> >>>>>
> >>>>> Thanks.
> >>>>>
> >>>>> Michael Glavassevich
> >>>>> XML Parser Development
> >>>>> IBM Toronto Lab
> >>>>> E-mail: mrglavas@ca.ibm.com
> >>>>> E-mail: mrglavas@apache.org
> >>>>>
> >>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
> >>>>>
> >>>>>
> >>> 03:51:19 AM:
> >>>
> >>>
> >>>>>> I am following up on this issue reported at -
> >>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
> >>>>>>
> >>>>>>
> >>> see
> >>>
> >>>
> >>>>> the
> >>>>>
> >>>>>
> >>>>>> following check-in trunk for XMLScanner.java :
> >>>>>>
> >>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
> >>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
> >>>>>>
> >>>>>> which apparently fixes the issue.
> >>>>>>
> >>>>>> Question : Can we have a newer drop of Xerces2 which shall
> >>>>>>
> >>>>>>
> >>> include this
> >>>
> >>>
> >>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
> >>>>>> available 2 years ago.
> >>>>>>
> >>>>>> Thanks,
> >>>>>> -/Pankaj
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>> ---------------------------------------------------------------------
> >>>
> >>>
> >>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
> >>>>>>
> >>>>>>
> >>>>
---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
> >>>>
> >>>>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
> >> For additional commands, e-mail: j-dev-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Not received any response to this. Could somebody provide the corrected
dates now ?.
-/Pankaj
Pankaj Jairath wrote:
> Michael, any updates to this release ?.
>
> Thanks,
> -/Pankaj
>
> Pankaj Jairath wrote:
>
>> Any updates to this release date ?.
>>
>> Thanks,
>> -/Pankaj
>>
>> Michael Glavassevich wrote:
>>
>>
>>> That is a tentative date. Give or take a few days. There are still
>>> some loose ends to take care of and can take some time for the
>>> published build to propagate on to the mirror download sites.
>>>
>>> Thanks.
>>>
>>> Michael Glavassevich
>>> XML Parser Development
>>> IBM Toronto Lab
>>> E-mail: mrglavas@ca.ibm.com
>>> E-mail: mrglavas@apache.org
>>>
>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>>>
>>>
>>>
>>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
>>>> today, Friday 18th Dec'2009.
>>>>
>>>> Thanks,
>>>> -/Pankaj Jairath
>>>>
>>>> Michael Glavassevich wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
>>>>>
>>>>>
>>> the
>>>
>>>
>>>>> week. The patch can be easily applied to earlier releases (for those
>>>>> who need that).
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Michael Glavassevich
>>>>> XML Parser Development
>>>>> IBM Toronto Lab
>>>>> E-mail: mrglavas@ca.ibm.com
>>>>> E-mail: mrglavas@apache.org
>>>>>
>>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
>>>>>
>>>>>
>>> 03:51:19 AM:
>>>
>>>
>>>>>> I am following up on this issue reported at -
>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
>>>>>>
>>>>>>
>>> see
>>>
>>>
>>>>> the
>>>>>
>>>>>
>>>>>> following check-in trunk for XMLScanner.java :
>>>>>>
>>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
>>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
>>>>>>
>>>>>> which apparently fixes the issue.
>>>>>>
>>>>>> Question : Can we have a newer drop of Xerces2 which shall
>>>>>>
>>>>>>
>>> include this
>>>
>>>
>>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
>>>>>> available 2 years ago.
>>>>>>
>>>>>> Thanks,
>>>>>> -/Pankaj
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>> ---------------------------------------------------------------------
>>>
>>>
>>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>>>
>>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>
>>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>
>>
>>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-users-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-users-help@xerces.apache.org
Re: [IMPORTANT]Vulnerability issue CVE-2009-2625
Posted by Pankaj Jairath <pj...@yahoo-inc.com>.
Not received any response to this. Could somebody provide the corrected
dates now ?.
-/Pankaj
Pankaj Jairath wrote:
> Michael, any updates to this release ?.
>
> Thanks,
> -/Pankaj
>
> Pankaj Jairath wrote:
>
>> Any updates to this release date ?.
>>
>> Thanks,
>> -/Pankaj
>>
>> Michael Glavassevich wrote:
>>
>>
>>> That is a tentative date. Give or take a few days. There are still
>>> some loose ends to take care of and can take some time for the
>>> published build to propagate on to the mirror download sites.
>>>
>>> Thanks.
>>>
>>> Michael Glavassevich
>>> XML Parser Development
>>> IBM Toronto Lab
>>> E-mail: mrglavas@ca.ibm.com
>>> E-mail: mrglavas@apache.org
>>>
>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/17/2009 11:21:31 PM:
>>>
>>>
>>>
>>>> Hello Michael , Just to confirm we are expecting Xerces-J 2.10.0 by
>>>> today, Friday 18th Dec'2009.
>>>>
>>>> Thanks,
>>>> -/Pankaj Jairath
>>>>
>>>> Michael Glavassevich wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> We're planning on having a release (Xerces-J 2.10.0) at the end of
>>>>>
>>>>>
>>> the
>>>
>>>
>>>>> week. The patch can be easily applied to earlier releases (for those
>>>>> who need that).
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Michael Glavassevich
>>>>> XML Parser Development
>>>>> IBM Toronto Lab
>>>>> E-mail: mrglavas@ca.ibm.com
>>>>> E-mail: mrglavas@apache.org
>>>>>
>>>>> Pankaj Jairath <pj...@yahoo-inc.com> wrote on 12/14/2009
>>>>>
>>>>>
>>> 03:51:19 AM:
>>>
>>>
>>>>>> I am following up on this issue reported at -
>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I
>>>>>>
>>>>>>
>>> see
>>>
>>>
>>>>> the
>>>>>
>>>>>
>>>>>> following check-in trunk for XMLScanner.java :
>>>>>>
>>>>>> http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
>>>>>> xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353
>>>>>>
>>>>>> which apparently fixes the issue.
>>>>>>
>>>>>> Question : Can we have a newer drop of Xerces2 which shall
>>>>>>
>>>>>>
>>> include this
>>>
>>>
>>>>>> critical fix ?, the last one is tagged as 2.9.1, which was made
>>>>>> available 2 years ago.
>>>>>>
>>>>>> Thanks,
>>>>>> -/Pankaj
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>> ---------------------------------------------------------------------
>>>
>>>
>>>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>>>
>>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>>>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>>>
>>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
>> For additional commands, e-mail: j-dev-help@xerces.apache.org
>>
>>
>>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-dev-help@xerces.apache.org