Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 8 May 2015 23:52:28 +0200
From: Hannes Trunde <hannes.trunde@...il.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request: SQL injection vulnerability in WordPress plugins
 Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1

> Our only suggestion for this case is that, given that the multi-stage
> approach is already in progress, it would probably be best to
> establish a link in at least one direction, e.g., either:
>
>   - your full advisory should include a link to
>     http://openwall.com/lists/oss-security/2015/04/14/5
>     so that this previous discussion can be found
>
>   or
>
>   - you should make a later oss-security post in this thread, with a
>     link to the public URL(s) for your full advisory, which might
>     be in any of the four locations that you proposed

Thanks for clarification! To complete this thread I'll include the
URLs to the advisories below:

WordPress Community Events 1.3.5 SQL Injection (CVE-2015-3313)
http://packetstormsecurity.com/files/131530/WordPress-Community-Events-1.3.5-SQL-Injection.html

WordPress Tune Library 1.5.4 SQL Injection (CVE-2015-3314)
http://packetstormsecurity.com/files/131558/WordPress-Tune-Library-1.5.4-SQL-Injection.html

WordPress WP Symposium 15.1 SQL Injection (CVE-2015-3325)
http://packetstormsecurity.com/files/131801/WordPress-WP-Symposium-15.1-SQL-Injection.html

--
Hannes Trunde

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ