
List:       oss-security
Subject:    Re: [oss-security] Fwd Joomla! Security News 2012-01
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-01-30 5:26:15
Message-ID: 4F2629F7.9080501 () redhat ! com

Oh dang, assigned the wrong year. Please use these instead:

CVE-2012-0819 Joomla! 382-20120101-core-information-disclosure.html
CVE-2012-0820 Joomla! 383-20120102-core-xss-vulnerability.html
CVE-2012-0821 Joomla! 384-20120103-core-information-disclosure.html
CVE-2012-0822 Joomla! 385-20120104-core-xss-vulnerability.html

On 01/26/2012 04:30 PM, Kurt Seifried wrote:
> Well, no one spoke up, so I'm assuming no CVEs have been issued for these
> issues yet.
> 
> > > ///////////////////////////////////////////
> > > [20120101] - Core - Information Disclosure
> > > 
> > > Posted: 23 Jan 2012 01:45 AM PST
> > > http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/MYKnZ2QJKYE/382-20120101-core-information-disclosure.html?utm_source=feedburner&utm_medium=email
> > > 
> > 
> > 
> > http://developer.joomla.org/security/news/382-20120101-core-information-disclosure.html
> > 
> > Project: Joomla!
> > SubProject: All
> > Severity: Low
> > Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
> > Exploit type: Information Disclosure
> > Reported Date: 2012-January-07
> > Fixed Date: 2012-January-24
> > Description: Inadequate filtering leads to information disclosure.
> > Affected Installs: Joomla! version 1.7.3 and all earlier versions
> > Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
> > Reported by: Cyrille Barthelemy
> > Contact: The JSST at the Joomla! Security Center.
> 
> Please use CVE-2011-4933 for this issue
> (382-20120101-core-information-disclosure.html)

REJECT CVE-2011-4933

Please use CVE-2012-0819 for this issue
(382-20120101-core-information-disclosure.html)

> 
> > > ///////////////////////////////////////////
> > > [20120102] - Core - XSS Vulnerability
> > > 
> > > Posted: 23 Jan 2012 01:45 AM PST
> > > http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/XAEsWEG3dgU/383-20120102-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
> > > 
> > 
> > 
> > developer.joomla.org/security/news/383-20120102-core-xss-vulnerability.html
> > 
> > Project: Joomla!
> > SubProject: All
> > Severity: Moderate
> > Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
> > Exploit type: XSS Vulnerability
> > Reported Date: 2011-November-16
> > Fixed Date: 2012-January-24
> > Description: Inadequate filtering leads to XSS vulnerability.
> > Affected Installs: Joomla! version 1.7.3 and all earlier versions
> > Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
> > Reported by: Ankita Kapadia
> > Contact: The JSST at the Joomla! Security Center.
> 
> Please use CVE-2011-4934 for this issue
> (383-20120102-core-xss-vulnerability.html)

REJECT CVE-2011-4934

Please use CVE-2012-0820 for this issue
(383-20120102-core-xss-vulnerability.html)

> > > ///////////////////////////////////////////
> > > [20120103] - Core - Information Disclosure
> > > 
> > > Posted: 23 Jan 2012 01:45 AM PST
> > > http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/Ed0TMAvyQ4g/384-20120103-core-information-disclosure.html?utm_source=feedburner&utm_medium=email
> > > 
> > 
> > http://developer.joomla.org/security/news/384-20120103-core-information-disclosure.html
> > 
> > Project: Joomla!
> > SubProject: All
> > Severity: Low
> > Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
> > Exploit type: Information Disclosure
> > Reported Date: 2011-December-19
> > Fixed Date: 2012-January-24
> > Description: Inadequate filtering leads to information disclosure.
> > Affected Installs: Joomla! version 1.7.3 and all earlier versions
> > Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
> > Reported by: Jean-Marie Simonet
> > Contact: The JSST at the Joomla! Security Center.
> 
> Please use CVE-2011-4935 for this issue
> (384-20120103-core-information-disclosure.html)

REJECT CVE-2011-4935

Please use CVE-2012-0821 for this issue
(384-20120103-core-information-disclosure.html)


> > > ///////////////////////////////////////////
> > > [20120104] - Core - XSS Vulnerability
> > > 
> > > Posted: 23 Jan 2012 01:45 AM PST
> > 
> > http://developer.joomla.org/security/news/385-20120104-core-xss-vulnerability.html
> > 
> > Project: Joomla!
> > SubProject: All
> > Severity: Moderate
> > Versions: 1.7.3 and all earlier versions
> > Exploit type: XSS Vulnerability
> > Reported Date: 2012-January-22
> > Fixed Date: 2012-January-24
> > Description: Inadequate filtering leads to XSS vulnerability.
> > Affected Installs: Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions
> > Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
> > Reported by: David Jardin
> > Contact: The JSST at the Joomla! Security Center.
> 
> Please use CVE-2011-4936 for this issue
> (385-20120104-core-xss-vulnerability.html)

REJECT CVE-2011-4936

Please use CVE-2012-0822 for this issue
(385-20120104-core-xss-vulnerability.html)


-- 
Kurt Seifried Red Hat Security Response Team (SRT)

