'Re: [oss-security] CVE request: multiple status.net issues'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: multiple status.net issues
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-01-25 17:08:05
Message-ID: 379223907.122864.1295975285015.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

----- Original Message -----
> Hello,
> 
> I wanted to get some CVEs assigned for some minor issues that I
> reported to
> status.net.
> 
> syslog message spoofing via newline injections into logging
> http://status.net/open-source/issues/2795

Use CVE-2010-4658.

> 
> limited XSS in error message contents
> http://status.net/open-source/issues/2796 (fixed)

Use CVE-2010-4659.

> 
> unsafe use of addslashes for SQL string escapes
> http://status.net/open-source/issues/2797 (fixed)
> 

Use CVE-2010-4660.

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic