Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 4 Jan 2011 11:58:32 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...re.org>
Subject: Re: CVE request: silverstripe before 2.4.4

----- Original Message -----
> http://www.silverstripe.org/security-releases/
> 
> Silverstripe 2.4.4 notes:
> SQL information disclosure, SQL injection in Translatable extension,
> Cross Site Request Forgery in various CMS interfaces, XSS in controller
> action handling
> 
> (if someone is motivated one could also assign CVEs to all the old
> version issues)
> 

This one is way bigger than I can handle. I shall defer it to MITRE. It's
going to take a lot of work and CVE ids.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.