oss-sec mailing list archives
Re: CVE request: joomla < 1.5.7
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 15 Sep 2008 21:19:18 -0400 (EDT)
On Thu, 11 Sep 2008, Hanno [utf-8] B??ck wrote:
http://www.joomla.org/announcements/release-news/5212-joomla-157-security-release-now-available.html Security * Several security issues were fixed in this release. There was 1 critical, 1 major and 2 moderate security vulnerabilities fixed in 1.5.7. For more information, visit the Security Center.
more details were from http://developer.joomla.org/security.html [20080902] - Core - Random Number Generation Flaw http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html Use CVE-2008-4102 ------ [20080903] - Core - com_mailto Spam http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html Use CVE-2008-4103 ------ [20080904] - Core - Redirect Spam http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html Use CVE-2008-4104 ------ [20080901] - Core - JRequest Variable Injection http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html Use CVE-2008-4105 - Steve
Current thread:
- CVE request: joomla < 1.5.7 Hanno Böck (Sep 11)
- Re: CVE request: joomla < 1.5.7 Steven M. Christey (Sep 15)