Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Jan 2012 17:01:14 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: Fwd Joomla! Security News 2012-01

On Wed, Jan 25, 2012 at 04:17:47PM +0200, Henri Salo wrote:
> Does someone know if these already have CVE-identifiers? Joomla just released this advisory.

This is why I don't like Joomla. They jumped from 1.7 to 2.5.0 and support for 1.7.x is following:

"Please note that version 1.7 will reach end of life on 24 February 2012."

EOL for 1.7.x means also 1.6.x, which both are still heavily uesd.

http://www.joomla.org/download.html
http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html

Joomla is part of oCERT "The oCERT team is a volunteer-based force of well-known security professionals from major Open Source projects, vendors and the security community."

Basicly the end of support for 1.7.x and 1.6.x means that if you go to support-forum and ask something you will be asked for your software version number and if it isn't 2.5.0 they will tell you to upgrade, before you will get more help.

- Henri Salo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ