[wix-users] CVE Score for DLL Hijack that 3.11.1 fixes?

John Ludlow john.ludlow.uk at gmail.com
Thu Feb 1 09:37:49 PST 2018


Thanks Rob,

I'll feed that to the relevant people. That probably means that we will
defer the upgrade at this point until early in our next release (or at
least that's more likely).

Thanks

John

On 1 February 2018 at 17:35, Rob Mensching via wix-users <
wix-users at lists.wixtoolset.org> wrote:

> > Does this exist in a database such as cve.mitre.org or NVD?
>
> No. It was not filed there.
>
> _____________________________________________________________
>  Short replies here. Complete answers over there:
> http://www.firegiant.com/
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf
> Of John Ludlow via wix-users
> Sent: Thursday, February 1, 2018 9:09 AM
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Cc: John Ludlow <john.ludlow.uk at gmail.com>
> Subject: [wix-users] CVE Score for DLL Hijack that 3.11.1 fixes?
>
>  Hi,
>
> We are currently using WiX 3.11, and are evaluating whether we want to
> upgrade to WiX 3.11.1 in our next release (which is in its final stages) or
> stay on 3.11 until early in our next release.
>
> Obviously the main talking point is this vulnerability and its fix:
> https://github.com/wixtoolset/issues/issues/5184/
>
> One piece of evidence that would help is the CVSS/CVE scores for this
> vulnerability. Does this exist in a database such as cve.mitre.org or NVD?
>
> If not then we would still update but it's more likely that we would do
> that early next release.
>
> Thanks
>
> John
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/
>



More information about the wix-users mailing list