oss-sec mailing list archives
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection
From: Seth Arnold <seth.arnold () canonical com>
Date: Wed, 14 Sep 2016 15:37:29 -0700
On Wed, Sep 14, 2016 at 10:22:58AM -0600, Kurt Seifried wrote:
> Ideally people should get CVEs and then post to oss-security with the information and the CVE. A lot of people consume the list data and the current method means that people end up searching their DBs, making sure it's new, then entering it, then updating it with a CVE. If people got CVEs first this would vastly simplify things.
I don't like the idea of waiting on CVE assignment before posting information here:

- MITRE's team does impressive work, but some assignments take significantly longer than others; a request here, publicly, allows users to mitigate or fix before a number is known.
- In cases when there are no fixes yet, or incomplete fixes, it may not be known how many CVEs are even needed -- making the issues widely known earlier increases the chances of someone preparing patches, to clarify how many issues existed.
- With MITRE's reduced scope of CVE coverage, there's the risk that software that's important to list members or the wider computing public may not get a number at all. Not getting a number assigned may give the impression that the issue isn't important.

Thanks