Re: [oss-security] CVE Request -- Zabbix v1.8.2 and v.1.6.9

On Thu, Apr 01, 2010 at 03:31:18PM -0400, Josh Bressers wrote:
> ----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
>
> > Hi Steve, vendors,
> >
> > though April the First today, this doesn't seem to be a joke:
> >
> > a, Zabbix <= 1.8.1 SQL Injection
> >
> > [1] http://seclists.org/fulldisclosure/2010/Apr/1
> > [2] http://www.zabbix.com/rn1.8.2.php
>
> Use CVE-2010-1144 for this one

Josh, in a later mail you've assigned the same ID to a libnids issue:

| > http://freefr.dl.sourceforge.net/project/libnids/libnids/1.24/libnids-1.24.releasenotes.txt
| >
| > "v1.24 Mar 14 2010
| > - fixed another remotely triggerable NULL dereference in
| > ip_fragment.c"
| >
| > [3] http://secunia.com/advisories/39225/
| >
| > Could you allocate a CVE id for it?
| >
|
| Please use CVE-2010-1144

Cheers,
        Moritz

• This message: [ Message body ]
• Next message: Jan Lieskovsky: "[oss-security] CVE Request -- OpenDCHub v0.8.1 -- Stack overflow by handling a specially-crafted MyINFO message"
• Previous message: Nicolas GREGOIRE: "RE: [oss-security] CVE Request -- Zabbix v1.8.2 and v.1.6.9"
• In reply to: Josh Bressers: "Re: [oss-security] CVE Request -- Zabbix v1.8.2 and v.1.6.9"
• Next in thread: Tomas Hoger: "Re: [oss-security] CVE Request -- Zabbix v1.8.2 and v.1.6.9"
• Reply: Tomas Hoger: "Re: [oss-security] CVE Request -- Zabbix v1.8.2 and v.1.6.9"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]