oss-security January 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE-2010-4225: XSP/mod_mono sou

Re: [oss-security] CVE-2010-4225: XSP/mod_mono source code disclosure

From: Vincent Danen <vdanen_at_nospam>
Date: Thu Jan 20 2011 - 17:52:18 GMT
To: oss-security@lists.openwall.com

* [2011-01-20 18:22:03 +0100] Oden Eriksson wrote:

>fredag 07 januari 2011 10:36:00 skrev Thomas Biege:
>> Hello,
>>
>> our Mono team released a security update to fix a source-code disclosure
>> bug.
>>
>> http://www.mono-project.com/Vulnerabilities
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4225
>>
>> Cheers,
>> Thomas
>
>Where's the fix for this?

It's fixed in mod_mono 2.8.2. I have no idea where a patch can be found
(in their git repo somewhere probably).

-- Vincent Danen / Red Hat Security Response Team