Date: Thu, 10 May 2012 20:28:25 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>
Subject: Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE

On 05/10/2012 03:43 PM, Henri Salo wrote:
> Hello,
> 
> Issues in TYPO3-SA-2010-022 are still without CVE-identifiers if I
> am correct.
> 
> http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/
> OSVDB: 70116,70117,70118,70119,70120,70121,70122,70123
> http://secunia.com/advisories/35770/ 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607286
> 
> Originally requested in here
> http://seclists.org/oss-sec/2011/q1/76
> 
> - Henri Salo

CVE-2012-2342 TYPO3-SA-2010-022 #1 frontend click enlarge XSS
CVE-2012-2343 TYPO3-SA-2010-022 #1 frontend form content object XSS
CVE-2012-2344 TYPO3-SA-2010-022 #2 PHP file inclusion protection API
CVE-2012-2345 TYPO3-SA-2010-022 #3 Install Tool XSS
CVE-2012-2346 TYPO3-SA-2010-022 #4 Backend Remote File Disclosure
CVE-2012-2347 TYPO3-SA-2010-022 #4 Backend Path Traversal
CVE-2012-2348 TYPO3-SA-2010-022 #4 Backend SQL Injection
CVE-2012-2349 TYPO3-SA-2010-022 #5 Database API info disclosure


split #1 because it affects different versions, split #4 because it's
3 separate issues, same as the vendor did.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
