oss-sec mailing list archives

Re: CVE request: silverstripe before 2.4.4


From: Josh Bressers <bressers () redhat com>
Date: Tue, 4 Jan 2011 11:58:32 -0500 (EST)

----- Original Message -----
http://www.silverstripe.org/security-releases/

Silverstripe 2.4.4 notes:
SQL information disclosure, SQL injection in Translatable extension,
Cross Site Request Forgery in various CMS interfaces, XSS in controller
action handling

(if someone is motivated one could also assign CVEs to all the old
version issues)


This one is way bigger than I can handle. I shall defer it to MITRE. It's
going to take a lot of work and CVE ids.

Thanks.

-- 
    JB

