Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CALiX4iavwQ6UVboSJCkO2S_e5vkH61BCKtAsq1G058npDKp0bA@mail.gmail.com>
Date: Thu, 9 May 2019 21:42:58 +0200
From: Michael Vorburger <vorburger@...che.org>
To: oss-security@...ts.openwall.com
Subject: [CVE-2018-11800] and [CVE-2018-11801] Apache Fineract SQL Injection
 Vulnerabilities fixed in v1.3.0

Hello oss-security@...ts.openwall.com,

As suggested on https://apache.org/security/committers.html, forwarding you
the below:

---------- Forwarded message ---------
From: Michael Vorburger <vorburger@...che.org>
Date: Thu, May 9, 2019 at 9:35 PM
Subject: [CVE-2018-11800] and [CVE-2018-11801] Apache Fineract SQL
Injection Vulnerabilities fixed in v1.3.0
To: <dev@...eract.apache.org>
Cc: Apache Security Team <security@...che.org>


Hello,

The Apache Fineract project would like to hereby disclose that our 1.3.0
release includes fixes for the CVE-2018-11800 and CVE-2018-11801 SQL
Injection vulnerabilities (the first one in a query on the
GroupSummaryCounts table, the second on the m_center data table).

We would like to thank Niels Heinen from Google for reporting this issue
and the Apache Security team for their assistance.

See also
https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
.

Best,
M.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.