[EXT] Re: [xsde-users] Codesynthesis XSDE security vulnerabilities database

Yegnaram, Shrikant SYegnaram at cls-bank.com
Tue Feb 13 15:19:01 EST 2024


Thank you Boris.
We will look for vulnerabilities in Expat product in the meanwhile. Can you also share the version of expat that CXSDE uses?

Can you also notify here if and when you happen to publish any vulnerabilities to mitre.org?

Thanks,
Shrikant Yegnaram


-----Original Message-----
From: Boris Kolpackov <boris@codesynthesis.com>
Sent: Monday, February 12, 2024 7:29 AM
To: Yegnaram, Shrikant <SYegnaram@cls-bank.com>
Cc: xsde-users@codesynthesis.com
Subject: [EXT] Re: [xsde-users] Codesynthesis XSDE security vulnerabilities database

Yegnaram, Shrikant <SYegnaram@cls-bank.com> writes:

> Do you have plans to publish any known vulnerabilities of the
> Codesynthesis XSDE product into
>
> CVE - CVE (mitre.org)<https://cve.mitre.org/>
> NVD - Home (nist.gov)<https://nvd.nist.gov/>

We will try to create CVE numbers for any security vulnerabilities (so far there hasn't been any known) and submit them to mitre.org.

Note that libxsde includes a copy of Expat which does get CVEs from time to time (and which we backport to libxsde). However, we will not be duplicating these as our own. So I would suggest that you subscribe to any vulnerabilities in Expat.