[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-10-19 19:01:47
Message-ID: 5081A39B.7060902 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/07/2012 10:30 AM, Henri Salo wrote:
> Hello,
> 
> I think these two Joomla security issues does not have
> CVE-identifiers:
> 
> http://www.joomla.org/announcements/release-news/5463-joomla-2-5-7-released.html
>
> 
http://secunia.com/advisories/49678/
> Versions: 2.5.6 and all earlier 2.5.x versions
> 
> 1)
> http://developer.joomla.org/security/news/539-20120901-core-xss-vulnerability

Please
> 
use CVE-2012-4531 for this issue.

> 2)
> http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerability
>
> 
http://osvdb.org/show/osvdb/83490
> http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt

Please use CVE-2012-4532 for this issue.


> - Henri Salo
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQgaObAAoJEBYNRVNeJnmTvyMP+wT3uWTMZOvtdsexpikfNDcS
zw0jzoLdaTWPYUKsa5E5roOOjmmV/WlNR8VbCAVLXb710rW57KX6Y85luZbs73oQ
G5+w6GocF0heURpsPKNDZw1i4A6iy+LVGACT6BZ2djC8kXvciEl7peTOZKXEcAdJ
fonjAuXJapDHreOaWzZ+1lpamSRc0/ckbmuMcAUygqqGiFn5o0pFePfoGfyW+cLl
0rAmHCh/VfJRdPgQUKmYukExUY1alkTNGFb2uO5fjUR3vXurJY/oGEge4Sk5hiWr
sfpnSQ2VPGg47APMDFV+y+7ZgADfXDMhbbqIfHT+6wioZkcmJecqYakciknaHQsi
/vAkg65b0uaNp6Wt/tFID6eLuIjpZU2P90KVbqr1K4aNzy9Xmsq1Kn79dmJIv3rz
fI8uFmg9SjrLQMFJ8Mp3aWZbUft1KyNPbqIwXHC6lRLhxcftDcN+if8IAgDxd5Ru
rDras3PMvooKDRZNCCnEOdvl+jusqevb4YYBKqdpxuBhPYk4TrDDOGz1a8fa8hG5
ez+zSPURvkDCBEmhH0+MXEVUP03HP4d6KQOaJRVlUeeFQjJOAIx39h7Dd7cSfBgU
he9YIfiSRiLo3kBzXiby9RvyxEUsAk9Avz4imyxC/08uIFgGYXVjrYPZmlYCuj1y
mhgSYqGdUfJVygF6KCqE
=/yJ8
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic