oss-security January 2011 archive

[oss-security] Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo

From: Raphael Geissert <geissert_at_nospam>
Date: Thu Jan 13 2011 - 03:01:09 GMT
To: "Steven M. Christey" <coley@mitre.org>, oss-security@lists.openwall.com

Josh Bressers wrote:
[...]
> Steve, can MITRE take the one below. It's quite large and I don't have
> time to do it right now. Thanks.
>
>> piwigo:
>> a1) CSRF
>> a2) SQL injection
>> a3) stored XSS
>> http://secunia.com/advisories/41365/
>> http://piwigo.org/releases/2.1.3
>> http://www.exploit-db.com/exploits/14973/
>> (the issues mentioned by the exploit-db entry appear to be the same that
>> were fixed in 2.1.3)
>> b) search.php SQL injection
>> http://secunia.com/advisories/38305/
>> http://piwigo.org/releases/2.0.8
>> c) CSRF in the admin panel:
>> http://secunia.com/advisories/37681/
>> http://www.exploit-db.com/exploits/10417
>> (the exploit-db entry details two other issues, but are "admin-only" --
>> feel free to assign or ignore those.)
>>

Ping.

Not urgent, but I saw them again on the list of issues without ids on our
tracker.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net