Guardian Digital WebTool

oss-security January 2011 archive

Main Archive Page > Month Archives > oss-security archives

oss-security: Re: [oss-security] CVE request: multiple status.ne

Re: [oss-security] CVE request: multiple status.net issues

From: Josh Bressers <bressers_at_nospam>
Date: Tue Jan 25 2011 - 17:08:05 GMT
To: oss-security@lists.openwall.com

----- Original Message -----
> Hello,
>
> I wanted to get some CVEs assigned for some minor issues that I
> reported to
> status.net.
>
> syslog message spoofing via newline injections into logging
> http://status.net/open-source/issues/2795

Use CVE-2010-4658.

>
> limited XSS in error message contents
> http://status.net/open-source/issues/2796 (fixed)

Use CVE-2010-4659.

>
> unsafe use of addslashes for SQL string escapes
> http://status.net/open-source/issues/2797 (fixed)
>

Use CVE-2010-4660.

Thanks.

-- JB

This message: [ Message body ]
Next message: Ronald van den Blink: "[oss-security] Batavi 1.0 - XSRF bug fixed"
Previous message: Kees Cook: "Re: [oss-security] CVE request: libxml2 heap contents leak"
In reply to: Kees Cook: "[oss-security] CVE request: multiple status.net issues"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]

© Copyright 2012 Guardian Digital, Inc. All Rights Reserved.