Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 11 Mar 2013 20:44:10 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: typo3 sql injection and open redirection

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/09/2013 05:31 AM, Marcus Meissner wrote:
> Hi,
> 
> http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
> 
> 
> has 2 new security issues without apparent CVE...

Please use CVE-2013-1842 for Typo3 Extbase Framework SQL Injection

Please use CVE-2013-1843 for Typo3 Access tracking mechanism Open
Redirection

> Kurt, is this in your scope, or more in Mitres?

I generally handle open source unless they are totally messy (I'm lazy
=) or they go to Mitre first and I never get a chance any ways.

> Ciao, Marcus



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRPpZ6AAoJEBYNRVNeJnmTHXQQAMglUJpq+bfXV0CQn+o8SbA0
qt36FhAdiwoMmxuXXjP181fjk8MakjpW/7N1psXfOmITOEFVmQUO415UyDqMAhDg
P+2SHCHwir70WUlCa3Vshdt+xIGU8SPv36CsASnGuDZb0dp0MNuE5bz3vsJnZ/9N
p5mvkoiOLeXb0WRXp4ALvrFABOBR71xNfQNiBfOzP9vOVZ/O9YUHJZ7Bg5whIxsn
97yF0kYMEqJNYUSY+MBgl4hfRG7uabZM1Fp+Ydj0keIZDS/vfZrwUA7LIMNzzrwo
hzCvUOWi0IV4TP1PtPBj9R+G9KXKfUoKShOe6vSWmRiSikgoi5nNBT6Rc7PLIOGI
uE8Gr7+NNx/JEOK5eCqqE9/5OHV9/bFD70vC5EYkKOO5s2OGlgVb2DDty3K69H/7
HSxKFR8SUJWRkFLuhuOdYKBaXDByo9DZ0elQPCxjuOTuf5KlItRPFdIO5q7RUct0
IV7CjGaifbcbayArnq/9ZpI4uFkN/ZP1fRzKXxes/gt48tBg55jUsHjUkm104TFb
Abvl0xMqnCNCNX5avNy+ZQ3f5XyfscgHyK00fFITXeDx273mDJsHrFHTLoAX1VOT
4D7qM83Ef0/Xdjlvm4mLQxt2orh8juPjX3UpbQ4qNkET6n2pQJ/5je69qUzM/PY1
1w2xdDSzoTFA36UI4Jt5
=cWAY
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ