oss-security January 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE request: multiple status.ne

Re: [oss-security] CVE request: multiple status.net issues

From: Josh Bressers <bressers_at_nospam>
Date: Tue Jan 25 2011 - 17:08:05 GMT
To: oss-security@lists.openwall.com

----- Original Message -----
> Hello,
>
> I wanted to get some CVEs assigned for some minor issues that I
> reported to
> status.net.
>
> syslog message spoofing via newline injections into logging
> http://status.net/open-source/issues/2795

Use CVE-2010-4658.

>
> limited XSS in error message contents
> http://status.net/open-source/issues/2796 (fixed)

Use CVE-2010-4659.

>
> unsafe use of addslashes for SQL string escapes
> http://status.net/open-source/issues/2797 (fixed)
>

Use CVE-2010-4660.

Thanks.

-- JB