Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20110724115108.GA23390@foo.fgeek.fi>
Date: Sun, 24 Jul 2011 14:51:08 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: bressers@...hat.com, coley@...re.org, hanno@...eck.de
Subject: Re: CVE request: silverstripe before 2.4.4

On Tue, Jan 04, 2011 at 11:58:32AM -0500, Josh Bressers wrote:
> ----- Original Message -----
> > http://www.silverstripe.org/security-releases/
> > 
> > Silverstripe 2.4.4 notes:
> > SQL information disclosure, SQL injection in Translatable extension,
> > Cross Site Request Forgery in various CMS interfaces, XSS in controller
> > action handling
> > 
> > (if someone is motivated one could also assign CVEs to all the old
> > version issues)
> > 
> 
> This one is way bigger than I can handle. I shall defer it to MITRE. It's
> going to take a lot of work and CVE ids.
> 
> Thanks.
> 
> -- 
>     JB

Did this got responded? At least there is no replies in this thread:

http://seclists.org/oss-sec/2011/q1/23

Best regards,
Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.