oss-sec mailing list archives
Re: CVE-request: Joomla core information disclosure 1.7.1
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 02 Mar 2012 10:21:41 -0700
Huh? http://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html and http://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html
Sorry that second one should have been: http://developer.joomla.org/security/news/370-20111001-core-information-disclosure.html
are entirely different issues (one is "Weak encryption causes potential information disclosure" the other is "Inadequate error checking causes potential information disclosure."), so two issues, two CVE's. We split based on (among other things) the underlying issues, not the outcome. These two CVE's are fine.
-- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 01)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 02)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 02)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 02)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)