W3C home > Mailing lists > Public > www-tag@w3.org > January 2007

RE: ban the use and implementation of UTF-7

From: Paul Denning <pauld@mitre.org>
Date: Wed, 03 Jan 2007 13:27:56 -0500
Message-Id: <7.0.1.0.0.20070103132158.09273a38@mitre.org>
To: W3C TAG <www-tag@w3.org>

At 01:21 PM 2006-12-22, Paul Cotton wrote:
> > But as far as the browsers are concerned, if the TAG can come
> > up with a finding that e.g. also gives some more details and
> > examples about the security issues you mention, then we might
> > also be able to point to this document from anything on the
> > IETF or IANA side.
>
>Here is a publicly available description of this problem:
>http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0296.html
>
>/paulc

Also see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5442

And see below for other CVE entries with UTF-7
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=UTF-7

Paul 
Received on Wednesday, 3 January 2007 18:28:11 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:32:51 UTC