Date: Fri, 23 Jan 2015 14:29:58 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, Assign a CVE Identifier <cve-assign@...re.org>, security@...zilla.org
Subject: CVE request for BZ

http://www.bugzilla.org/security/4.0.15/

one has a CVE, and this one does not:

Class: Information Leak
Versions: 2.23.3 to 4.0.15, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6, 4.5.1 to 4.5.6
Fixed In: 4.0.16, 4.2.12, 4.4.7, 5.0rc1

Description: Using the WebServices API, a user can possibly execute imported functions from other non-WebService modules. A whitelist has now been added that lists explicit methods that can be executed via the API.

References: https://bugzilla.mozilla.org/show_bug.cgi?id=1090275

was this classed as hardening hence no CVE? E.g. has no exploit been found, or?

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
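
The issue class the quoted advisory describes, as an added example that is not part of the original message and is not Bugzilla's code: in Perl, a function imported into a package resolves like any of that package's own methods, so a dispatcher that accepts any resolvable name also exposes imports, while an explicit method list does not. The package names, `read_setting`, `EXPOSED_METHODS` and both dispatch functions are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper module, standing in for any non-WebService code.
package My::Util;
sub read_setting { return "internal value for $_[1]" }

# Hypothetical API module exposed to remote callers.
package My::API::Example;
# Equivalent to what `use My::Util qw(read_setting)` does: the helper is
# aliased into this package's symbol table.
BEGIN { *My::API::Example::read_setting = \&My::Util::read_setting }
# Explicit list of the methods meant to be callable through the API.
use constant EXPOSED_METHODS => qw(version);
sub version { return '1.0' }

package main;

# Before: any name that resolves in the package is dispatched,
# including functions that were only imported for internal use.
sub dispatch_unchecked {
    my ($class, $method) = @_;
    my $code = $class->can($method) or die "No such method: $method\n";
    return $class->$code('arg');
}

# After: the name must appear in the module's explicit list first.
sub dispatch_allowlisted {
    my ($class, $method) = @_;
    my %allowed = map { $_ => 1 } $class->EXPOSED_METHODS;
    die "Method not exposed: $method\n" unless $allowed{$method};
    my $code = $class->can($method) or die "No such method: $method\n";
    return $class->$code('arg');
}

# Constructed requests: one intended method, one imported helper.
for my $method (qw(version read_setting)) {
    my $open   = eval { dispatch_unchecked('My::API::Example', $method) };
    my $closed = eval { dispatch_allowlisted('My::API::Example', $method) };
    printf "%-12s unchecked=%s allowlisted=%s\n", $method,
        $open // 'refused', $closed // 'refused';
}
```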