Date: Tue, 10 Mar 2015 23:42:21 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: steevee.aka@...il.com, cve-assign@...re.org Subject: Re: Instant v2.0 SQL Injection Vulnerability On Tue, Mar 10, 2015 at 01:12:16PM -0400, cve-assign@...re.org wrote: > Also, note that this vendor (apparently from Iowa in the U.S.) is not > the same as the InstantCMS vendor (see CVE-2013-6839), apparently > located in Russia. This is what confused me into accepting the message for oss-security. I found this website: http://www.instantcms.ru/get which says (in Russian) that InstantCMS is licensed under GNU GPLv2. If the message was about a proprietary product (or a SaaS offering?), then ideally we should have rejected it... but as discussed before, it's unrealistic for list moderators to investigate these things thoroughly. Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.