oss-sec mailing list archives
Re: CVE-request: Joomla core information disclosure 1.7.1
From: Henri Salo <henri () nerv fi>
Date: Fri, 2 Mar 2012 20:15:31 +0200
On Fri, Mar 02, 2012 at 10:03:06AM -0700, Kurt Seifried wrote:
Huh? http://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html and http://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html are entirely different issues (one is "Weak encryption causes potential information disclosure" the other is "Inadequate error checking causes potential information disclosure."), so two issues, two CVE's. We split based on (among other things) the underlying issues, not the outcome. These two CVE's are fine.
Definitely not my day. Sorry about that! My link should have been: http://secunia.com/advisories/46421/ - Henri Salo
Current thread:
- CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 01)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 02)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 02)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 02)
- Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)