Re: [eclipse.org-architecture-council] Security flaw in ADT is somehow p

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [eclipse.org-architecture-council] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE

From: Mickael Istria <mistria@xxxxxxxxxx>
Date: Sun, 10 Dec 2017 11:57:31 +0100
Delivered-to: eclipse.org-architecture-council@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/eclipse.org-architecture-council>
List-help: <mailto:eclipse.org-architecture-council-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/eclipse.org-architecture-council>, <mailto:eclipse.org-architecture-council-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/eclipse.org-architecture-council>, <mailto:eclipse.org-architecture-council-request@eclipse.org?subject=unsubscribe>

Hi all,

Thanks everyone for your comments. I didn't realize the issue is also present in Eclipse Andmore and not only in ADT, and that the ones who discovered it did make the effort of properly reporting it. Then the report is somehow correct to say "Eclipse" there so my initial concerns are not valid any invalid and don't have to trigger more action than fixing the reported vulnerability in Eclipse Andmore.

Cheers,

On Saturday, December 9, 2017, Gunnar Wagenknecht <gunnar@xxxxxxxxxxxxxxx> wrote:

On Dec 8, 2017, at 20:34, Mike Milinkovich <mike.milinkovich@eclipse-foundation.org> wrote:

I agree that we don't want to make this sound more bleak than it really is. But if this bug is in ADT (a Google product) and not the open source Eclipse IDE which is provided by the Eclipse Foundation and community, we may want to publicly clarify that.

Can someone confirm that is the case?

No, the vulnerability can also be found in Andmore.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169

It has not been fixed yet.

-Gunnar

--
Gunnar Wagenknecht
gunnar@xxxxxxxxxxxxxxx, http://guw.io/

Mickael Istria

Eclipse IDE developer, at Red Hat Developers community

Elected Committer Representative at the Eclipse Foundation board of directors

References:
- [eclipse.org-architecture-council] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE
  - From: Mickael Istria
- Re: [eclipse.org-architecture-council] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE
  - From: Max Rydahl Andersen
- Re: [eclipse.org-architecture-council] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE
  - From: Mike Milinkovich
- Re: [eclipse.org-architecture-council] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE
  - From: Gunnar Wagenknecht

Prev by Date: Re: [eclipse.org-architecture-council] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE
Next by Date: [eclipse.org-architecture-council] Next meeting on Thursday
Previous by thread: Re: [eclipse.org-architecture-council] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE
Next by thread: Re: [eclipse.org-architecture-council] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE
Index(es):
- Date
- Thread

Breadcrumbs