oss-security - Re: CVE-request: galette sql injection

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Thu, 10 May 2012 20:26:57 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Johan Cwiklinski <mailings@...nd.be>
Subject: Re: CVE-request: galette sql injection

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/10/2012 01:06 PM, Johan Cwiklinski wrote:
> Hello,
> 
> Versions 0.63x of galette (out-of-date but mostly used versions for
> now) have an sql injection vulnerability.
> 
> Could a CVE be assigned for this vulnerability?
> 
> This issue has been reported on project's tracker: 
> http://redmine.ulysses.fr/issues/250
> 
> The issue has been fixed 
> (http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba),
>
> 
a new release and an official announcment from the project will come
> very soon.
> 
> Thank you!

Please use CVE-2012-2338 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPrHjxAAoJEBYNRVNeJnmTH3QP/2ndZBsV5A9QDGw4CEnOQEt8
Ms7rX5dMFw1BePrDAk5/AauHEyzS660XuXzfkppA7LYP84s2QZTAYYy4REUAxO47
cDIuLlq2ECIE4EtBIzgvF6c1hNiXznlwgu2woXgxRxiCR/9rYK/v3xZCCDL21MOq
jhMm8vLhPNcfa5c2R7ywvFPGq8J5vMnLzlLkKp+1sU61xketv/deH2+LwnBhZNhW
h+PRLmfCLDS39IhZJmPvoRRIMe5Fuu9mV7Qu/1CKTze0WLclzBPlf6PXOO309op+
htOrjOAmXxWLbw1PXEj9ih35YN8ByT+MMGdaQQ0nnD06Mp/o+7bdSq5Pl12oTVEo
8f9xFHUN22XydT95y19XymTnZzOv4yAfs18WIPzZOkwH54N11WovXPUJCzWywHcl
0/Bb/KXa8s0KCQT2iPzB8PS7K5+7dN1KMAB8IsIcYE7S7Mk/AuDQH1TNtDvwbw6K
n9SC9IzLJardoavhSPWMJDYugCW993OiHiBI6V+CX1i+y+tyOMC3tgYl7RQ/Zilv
hzjrHgP7H6B2/87qS82Vz0lLiy8nSsCeSdv336N85On6WWTnKJIwydaKhMe8cXsl
6wmKRRH+nM2cCv9WEk4mW2YZ6AElJMX3CHpTvz8kkqYW7WE5cOGmXEQda/licsZj
qUkzRgNIFPZdWnq2Uzl6
=z3ba
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.