oss-sec mailing list archives
Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition
From: Vincent Danen <vdanen () redhat com>
Date: Thu, 24 Feb 2011 10:28:34 -0700
* [2011-02-24 18:02:06 +0100] Ralf Corsepius wrote:
On 02/24/2011 05:45 PM, Vincent Danen wrote:* [2011-02-23 14:06:58 -0500] Josh Bressers wrote:Is Redhat packaging RT now, or are you just handling the CVEs?I'm not aware of Red Hat packaging RT. I'm just assign CVE ids to public issues.Folks, my feel is you all are picking on words and details.
It is possible that Josh didn't realize it was packaged in Fedora and EPEL (we do package quite a few things).
Correct. rt3 is community maintained in Fedora and RHEL. I am doing so for Fedora and other people do for RHEL. So, strictly speaking it's not "Red Hat packaged", but community-contributed to "Red Hat owned products" (Fedora rsp. Fedora EPEL) and some folks @RH are filing CVS against it, for reasons I don't know.RT3 is packaged in Fedora and EPEL.
I'm not sure what you mean by that last statement (filing CVS against it). Do you mean filing bugs? --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Jan Lieskovsky (Feb 22)
- Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Josh Bressers (Feb 22)
- Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Thomas Sibley (Feb 22)
- Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Josh Bressers (Feb 23)
- Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Vincent Danen (Feb 24)
- Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Ralf Corsepius (Feb 24)
- Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Vincent Danen (Feb 24)
- Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Josh Bressers (Feb 23)