oss-security January 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE requests: ftpls, xdigger, l

Re: [oss-security] CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3

From: Josh Bressers <bressers_at_nospam>
Date: Fri Jan 14 2011 - 21:05:13 GMT
To: oss-security@lists.openwall.com

Hi Steve,

Can MITRE take these. I'm having trouble finding time for them this week :(

Thanks.

-- JB ----- Original Message ----- > Hi, > > Could CVE ids be assigned for the following issues? Thanks in advance. > > ftpls: XSS in directory listing > http://bugs.debian.org/607494 > > xdigger: buffer overflow when parsing CLI arguments > (it is SGID, at least in Debian) > http://bugs.debian.org/609096 > > lbreakout2: buffer overflow with overly long HOME env var > (it is SGID, at least in Debian) > http://bugs.debian.org/608980 > > calibre: XSS and file disclosure > http://www.waraxe.us/advisory-77.html > http://bugs.debian.org/608822 > > typo3: 8 vulnerabilities > http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022/ > http://seclists.org/fulldisclosure/2010/Dec/690 > http://bugs.debian.org/607286 > > > There are more issues without ids, will request them later. > > Regards, > -- > Raphael Geissert - Debian Developer > www.debian.org - get.debian.net