oss-security January 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE request: silverstripe befor

Re: [oss-security] CVE request: silverstripe before 2.4.4

From: Josh Bressers <bressers_at_nospam>
Date: Tue Jan 04 2011 - 16:58:32 GMT
To: oss-security@lists.openwall.com

----- Original Message -----
> http://www.silverstripe.org/security-releases/
> Silverstripe 2.4.4 notes:
> SQL information disclosure, SQL injection in Translatable extension,
> Cross Site Request Forgery in various CMS interfaces, XSS in controller
> action handling
> (if someone is motivated one could also assign CVEs to all the old
> version issues)

This one is way bigger than I can handle. I shall defer it to MITRE. It's
going to take a lot of work and CVE ids.


-- JB