Date: Fri, 11 May 2012 22:06:48 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Henri Salo <henri@...v.fi>
Subject: Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE


Hi Kurt,

> > Issues in TYPO3-SA-2010-022 are still without CVE-identifiers if I
> > am correct.
> > 
> > http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/
> >
> > 
> > OSVDB: 70116,70117,70118,70119,70120,70121,70122,70123
> > http://secunia.com/advisories/35770/ 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607286
> > 
> > Originally requested in here
> > http://seclists.org/oss-sec/2011/q1/76
> > 
> > - Henri Salo
> 
> CVE-2012-2342 TYPO3-SA-2010-022 #1 frontend click enlarge XSS
> CVE-2012-2343 TYPO3-SA-2010-022 #1 frontend form content object XSS
> CVE-2012-2344 TYPO3-SA-2010-022 #2 PHP file inclusion protection API
> CVE-2012-2345 TYPO3-SA-2010-022 #3 Install Tool XSS
> CVE-2012-2346 TYPO3-SA-2010-022 #4 Backend Remote File Disclosure
> CVE-2012-2347 TYPO3-SA-2010-022 #4 Backend Path Traversal
> CVE-2012-2348 TYPO3-SA-2010-022 #4 Backend SQL Injection
> CVE-2012-2349 TYPO3-SA-2010-022 #5 Database API info disclosure
> 
> 
> split #1 because it affects different versions, split #4 because it's
> 3 separate issues, same as the vendor did.

But these are from 2010, they should not have 2012-* IDs?

Cheers,
        Moritz
