Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 24 Aug 2012 11:15:06 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Thomas Pollet <thomas.pollet@...il.com>
Subject: Re: zenoss issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/24/2012 01:33 AM, Thomas Pollet wrote:
> Hello,
> 
> I have found xss and command execution problems with zenoss. I
> created a bugreport which can be found at
> http://jira.zenoss.com/jira/browse/ZEN-3183 . However the zenoss
> developers don't seem to be able to reproduce the issues.
> 
> Another issue, reported by Emanuel Bronshtein can be found at 
> http://jira.zenoss.com/jira/browse/ZEN-3153
> 
> Regards, Thomas Pollet

I can't access this page, it requires a login. Is there a public
resource you can reference, or can you get this page made public so it
can be referenced?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQN7aaAAoJEBYNRVNeJnmTUrwQALvVeXJogyu8i9lk4lha8cee
Oynp0jJREIRh1j6XTs+1JZgpHhVpd60rUWnodZ7/6VeYNiBhRtREg1Vgry9I/DDL
++KVrs9J5J9pt2PnVn44KhRWDp/wu9JJgDIUbVI+axmgk2EW8MVFtMPR9T0wNgkD
F3WMksNh4S+4QhK+XSy6iwZUD3Xz1/2mxCdLOO8kw4MFr8YUhlXwRIgI9Mfn+5Vd
6fbMGIkWTnyVCxwJWCYOLL/d1+Q7KYK4yt5dzyE6FfPG0coicVfC92qf8LU+6Ibp
MMI8I5kP7J3HAzHj9/hRnFhgBusuvuINf2FmgmGO07FXSWsOfsCbc1sGa3027OqR
VBZA0EojDb1DqJk9WXhB1pgw+JDGtzaNeZtHHq9ZAjvM2sOHilVLqSRTO3nTQAyy
32rF3HI5kPoWBrDijZ4iRvLd1kL3+WvpIypi3oAxNJ4H14W9otXv7S2pJJhxDYEt
jzdnSPC36fAdA4JMsZJTa0EeFOSmgr+FTjLY5OfzKMI8OJmZxsjBZu2VO2wwpX/c
VmZlda6LeogPxuAZqvJT3w1D1vGjFFO5cq0NF6wYe9n/Lwefgx4RO3f7hQnnNYcT
O1+YNoTYVVBl3VEok7nsv8dURchpReqP2R/XQWoOeIsRF/e2cecSTOLn8w+Axi6Y
U0oaP/YefSUdPucbfo67
=SLU8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.