Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 10 Mar 2015 23:42:21 +0300
From: Solar Designer <>
Subject: Re: Instant v2.0 SQL Injection Vulnerability

On Tue, Mar 10, 2015 at 01:12:16PM -0400, wrote:
> Also, note that this vendor (apparently from Iowa in the U.S.) is not
> the same as the InstantCMS vendor (see CVE-2013-6839), apparently
> located in Russia.

This is what confused me into accepting the message for oss-security.
I found this website:

which says (in Russian) that InstantCMS is licensed under GNU GPLv2.

If the message was about a proprietary product (or a SaaS offering?),
then ideally we should have rejected it... but as discussed before, it's
unrealistic for list moderators to investigate these things thoroughly.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.