CESICAT sent me an email on Sep 13, 2019, 4:54 PM stating the following:
Sep 17 2019
Sep 9 2019
I haven't updated this report for a long time, so this is the timeline of the most important events since CESICAT had access to the vulnerability details until now:
Aug 23 2019
T13 and T14 were considered the same bug by Google in their own issue tracker, so I marked T14 as a duplicate of T13 in my issue tracker.
Jun 19 2019
Jun 15 2019
Jun 11 2019
I emailed an AES-256 encrypted ZIP file with a translation of this report in Catalan on Jun 10, 3:18 AM and I just gave CESICAT the key via another contact method, so I'm setting this vulnerability as reported on Jun 11, 1:00 PM because this is when they first had access to the document.
Jun 10 2019
Jun 5 2019
Prinsen Group seems to have disappeared completely from the map and exactly 1 year has passed since the vulnerability was first known, so I'm disclosing it publicly and marking it as WontFix.
Mar 19 2019
The third party says the vulnerability is fixed and I could verify it too, so I'm publishing the vulnerability.
Mar 18 2019
Mar 17 2019
I received a response from them on Tue, Mar 12, 6:44 PM:
Just as an observation, this report was sent to pau@ub.edu on Feb 7, 2019, 12:43 AM, 20 days ago.
I've been quite busy for the last week so I haven't been able to update this issue until today.
Jan 9 2019
On Tuesday, December 13, at 10:12 AM, a Jutge.org developer told me that this had been fixed, and I could verify it that same day.
Jun 5 2018
May 2 2018
Apr 28 2018
Yesterday at 14:26 someone from CESICAT called me in order to confirm that the issue was solved, as I had noticed the day before, when I updated this report.
Apr 26 2018
CESICAT hasn't replied yet to the message I sent them yesterday, but I have just seen that the reproduction steps are no longer functional, so they must have fixed it or are actively working on fixing it.