Re: [oss-security] CVE request: silverstripe before 2.4.4

From: Josh Bressers <bressers_at_nospam>
Date: Tue Jan 04 2011 - 16:58:32 GMT
To: oss-security@lists.openwall.com

----- Original Message -----
> http://www.silverstripe.org/security-releases/
>
> Silverstripe 2.4.4 notes:
> SQL information disclosure, SQL injection in Translatable extension,
> Cross Site Request Forgery in various CMS interfaces, XSS in controller
> action handling
>
> (if someone is motivated one could also assign CVEs to all the old
> version issues)
>

This one is way bigger than I can handle. I shall defer it to MITRE. It's
going to take a lot of work and CVE ids.

Thanks.

-- JB

This message: [ Message body ]
Next message: Josh Bressers: "Re: [oss-security] (possible) CVE request: Clickjacking in Mediawiki"
Previous message: Hyrum Wright: "Re: [oss-security] CVE request for subversion"
In reply to: Hanno BÃ¶ck: "[oss-security] CVE request: silverstripe before 2.4.4"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]