Date: Tue, 12 May 2009 16:25:48 +0200 From: Hanno Böck <hanno@...eck.de> To: Tomas Hoger <thoger@...hat.com> Cc: oss-security@...ts.openwall.com, Steven Christey <coley@...us.mitre.org> Subject: Re: CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Am Dienstag 12 Mai 2009 schrieb Tomas Hoger: > Was this meant as CVE request? Upstream changelog does mention CVEs > for the issues, as well as upstream SVN commits and security page: > http://www.squirrelmail.org/security/ Thanks for the note, the release notes didn't mention them and they were not up on nvd.nist.org, so I didn't find them. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno@...eck.de http://ausdenaugenausdemsinn.de - Kein Sicherheitsrabatt für CO2-Speicher http://tinyurl.com/dceu73 - Internetzensur stoppen! http://schokokeks.org - professional webhosting Download attachment "signature.asc " of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.