Message-ID: <2035741.oIHJTl3Sd1@tux.boltz.de.vu>
Date: Fri, 27 Jan 2012 11:56:33 +0100
From: Christian Boltz <oss-securrity@...ltz.de>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request: PostfixAdmin SQL injections and XSS

Hello,

On Thursday, 26 January 2012, Kurt Seifried wrote:
> Please use CVE-2012-0811 for PostfixAdmin 2.3.4 multiple SQL
> vulnerabilities
> Please use CVE-2012-0812 for PostfixAdmin 2.3.4 multiple XSS
> vulnerabilities

Thanks.

I forgot to mention a small, but important detail: The credits ;-)

Credits go to Filippo Cavallarin <filippo.cavallarin [at] codseq [dot] it>
for finding most of the vulnerabilities and notifying us.

The only exception is
- create-domain: fix SQL injection (only exploitable by superadmins)
which was found by Matthias Bethke <msbethke [at] sourceforge [dot] net>

Please add the credits to the CVEs.

Regards

Christian Boltz
--
And now be a good bunny and hop off somewhere where cuddly, fluffy
little things like you get hugged and loved.
[Robin S. Socha - d.c.o.u.l.m.]