|
Message-ID: <54C2BD56.7020506@redhat.com>
Date: Fri, 23 Jan 2015 14:29:58 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
Assign a CVE Identifier <cve-assign@...re.org>, security@...zilla.org
Subject: CVE request for BZ
http://www.bugzilla.org/security/4.0.15/
one has a CVE, and this one does not:
Class: Information Leak
Versions: 2.23.3 to 4.0.15, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6, 4.5.1 to
4.5.6
Fixed In: 4.0.16, 4.2.12, 4.4.7, 5.0rc1
Description: Using the WebServices API, a user can possibly execute imported
functions from other non-WebService modules. A whitelist
has now
been added that lists explicit methods that can be executed
via the
API.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1090275
was this classed as hardening hence no CVE? E.g. has no exploit been
found, or?
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.