Date: Fri, 8 May 2015 23:52:28 +0200 From: Hannes Trunde <hannes.trunde@...il.com> To: cve-assign@...re.org Cc: oss-security@...ts.openwall.com Subject: Re: CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 > Our only suggestion for this case is that, given that the multi-stage > approach is already in progress, it would probably be best to > establish a link in at least one direction, e.g., either: > > - your full advisory should include a link to > http://openwall.com/lists/oss-security/2015/04/14/5 > so that this previous discussion can be found > > or > > - you should make a later oss-security post in this thread, with a > link to the public URL(s) for your full advisory, which might > be in any of the four locations that you proposed Thanks for clarification! To complete this thread I'll include the URLs to the advisories below: WordPress Community Events 1.3.5 SQL Injection (CVE-2015-3313) http://packetstormsecurity.com/files/131530/WordPress-Community-Events-1.3.5-SQL-Injection.html WordPress Tune Library 1.5.4 SQL Injection (CVE-2015-3314) http://packetstormsecurity.com/files/131558/WordPress-Tune-Library-1.5.4-SQL-Injection.html WordPress WP Symposium 15.1 SQL Injection (CVE-2015-3325) http://packetstormsecurity.com/files/131801/WordPress-WP-Symposium-15.1-SQL-Injection.html -- Hannes Trunde
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ