oss-sec mailing list archives
Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3
From: Josh Bressers <bressers () redhat com>
Date: Fri, 14 Jan 2011 16:05:13 -0500 (EST)
Hi Steve, Can MITRE take these. I'm having trouble finding time for them this week :( Thanks. -- JB ----- Original Message -----
Hi, Could CVE ids be assigned for the following issues? Thanks in advance. ftpls: XSS in directory listing http://bugs.debian.org/607494 xdigger: buffer overflow when parsing CLI arguments (it is SGID, at least in Debian) http://bugs.debian.org/609096 lbreakout2: buffer overflow with overly long HOME env var (it is SGID, at least in Debian) http://bugs.debian.org/608980 calibre: XSS and file disclosure http://www.waraxe.us/advisory-77.html http://bugs.debian.org/608822 typo3: 8 vulnerabilities http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022/ http://seclists.org/fulldisclosure/2010/Dec/690 http://bugs.debian.org/607286 There are more issues without ids, will request them later. Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Raphael Geissert (Jan 13)
- Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Moritz Mühlenhoff (Jan 14)
- Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Steven M. Christey (Jan 14)
- Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Tomas Hoger (Jan 14)
- Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Steven M. Christey (Jan 14)
- Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Josh Bressers (Jan 14)
- Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Moritz Mühlenhoff (Jan 14)