oss-security April 2010 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE Request -- Zabbix v1.8.2 an

Re: [oss-security] CVE Request -- Zabbix v1.8.2 and v.1.6.9

From: Moritz Muehlenhoff <jmm_at_nospam>
Date: Fri Apr 02 2010 - 20:28:10 GMT
To: oss-security@lists.openwall.com

On Thu, Apr 01, 2010 at 03:31:18PM -0400, Josh Bressers wrote:
> ----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
>
> > Hi Steve, vendors,
> >
> > though April the First today, this doesn't seem to be a joke:
> >
> > a, Zabbix <= 1.8.1 SQL Injection
> >
> > [1] http://seclists.org/fulldisclosure/2010/Apr/1
> > [2] http://www.zabbix.com/rn1.8.2.php
>
> Use CVE-2010-1144 for this one

Josh, in a later mail you've assigned the same ID to a libnids issue:

| > http://freefr.dl.sourceforge.net/project/libnids/libnids/1.24/libnids-1.24.releasenotes.txt
| >
| > "v1.24 Mar 14 2010
| > - fixed another remotely triggerable NULL dereference in
| > ip_fragment.c"
| >
| > [3] http://secunia.com/advisories/39225/
| >
| > Could you allocate a CVE id for it?
| >
|
| Please use CVE-2010-1144

Cheers,
        Moritz