Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 23 Jan 2015 14:29:58 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
        Assign a CVE Identifier <cve-assign@...re.org>, security@...zilla.org
Subject: CVE request for BZ

http://www.bugzilla.org/security/4.0.15/

one has a CVE, and this one does not:

Class:       Information Leak
Versions:    2.23.3 to 4.0.15, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6, 4.5.1 to
4.5.6
Fixed In:    4.0.16, 4.2.12, 4.4.7, 5.0rc1
Description: Using the WebServices API, a user can possibly execute imported
             functions from other non-WebService modules. A whitelist
has now
             been added that lists explicit methods that can be executed
via the
             API.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=1090275

was this classed as hardening hence no CVE? E.g. has no exploit been
found, or?

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ