Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Jul 2017 23:37:28 +1200
From: Matthew Daley <mattd@...fuzz.com>
To: Henri Salo <henri@...v.fi>
Cc: Kurt Seifried <kurt@...fried.org>, oss-security@...ts.openwall.com
Subject: Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004

JFTR:

On 17 July 2017 at 00:01, Henri Salo <henri@...v.fi> wrote:
> Is this assigment somehow related to this oss-security post?
> http://www.openwall.com/lists/oss-security/2016/07/01/3

Yes.

CVE-2017-1000002 = issues #26 and #32
CVE-2017-1000003 = issues #29 to #31
CVE-2017-1000004 = issues #1 to #25, #27 and #28 (but issue #25 should
probably be in CVE-2017-1000003 as it's a missing auth check, not a
SQL injection)

HTH,

- Matthew

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ