[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: multiple status.net issues
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-01-25 17:08:05
Message-ID: 379223907.122864.1295975285015.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- Original Message -----
> Hello,
>
> I wanted to get some CVEs assigned for some minor issues that I
> reported to
> status.net.
>
> syslog message spoofing via newline injections into logging
> http://status.net/open-source/issues/2795
Use CVE-2010-4658.
>
> limited XSS in error message contents
> http://status.net/open-source/issues/2796 (fixed)
Use CVE-2010-4659.
>
> unsafe use of addslashes for SQL string escapes
> http://status.net/open-source/issues/2797 (fixed)
>
Use CVE-2010-4660.
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic