oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: multiple status.net issues

From: Kees Cook <kees () ubuntu com>
Date: Mon, 24 Jan 2011 13:38:27 -0800
Hello,

I wanted to get some CVEs assigned for some minor issues that I reported to
status.net.

    syslog message spoofing via newline injections into logging
    http://status.net/open-source/issues/2795

    limited XSS in error message contents
    http://status.net/open-source/issues/2796 (fixed)

    unsafe use of addslashes for SQL string escapes
    http://status.net/open-source/issues/2797 (fixed)

Thanks,

-Kees

-- 
Kees Cook
Ubuntu Security Team
Previous By Date Next
Previous By Thread Next

Current thread: