Date: Thu, 19 Jan 2012 08:40:47 +0100 From: Ronald van den Blink <oss-security@...urityview.nl> To: Kurt Seifried <kseifried@...hat.com> Cc: oss-security@...ts.openwall.com Subject: Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php On Jan 18, 2012, at 10:55 PM, Kurt Seifried wrote: > Can you include a link to the code commit(s) that fiix this? Thanks. Hi Kurt, This is still a bit of a problem, as our internal svn is still not correctly set up to sync to SF's SVN. What I can do however is ask our developers to create a diff of the files which were changed to fix this and post them online? B.t.w. if someone knows a way to sync two SVN repositories to with each other, please contact me off list. With kind regards, Ronald
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ