oss-sec mailing list archives

Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php

From: Henri Salo <henri () nerv fi>
Date: Thu, 19 Jan 2012 12:59:29 +0200

On Thu, Jan 19, 2012 at 08:40:47AM +0100, Ronald van den Blink wrote:

On Jan 18, 2012, at 10:55 PM, Kurt Seifried wrote:

Can you include a link to the code commit(s) that fiix this? Thanks.

Hi Kurt,

This is still a bit of a problem, as our internal svn is still not correctly set up to sync to SF's SVN. What I can 
do however is ask our developers to create a diff of the files which were changed to fix this and post them online?

B.t.w. if someone knows a way to sync two SVN repositories to with each other, please contact me off list.

With kind regards,

Ronald


I am contacting you in the list, because someone might end up here using keywords: 
http://stackoverflow.com/questions/143130/how-to-synchronize-two-subversion-repositories

- Henri Salo

Current thread:

CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 18)
- Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried (Jan 18)
  - Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 18)
    - Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 19)
    - Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried (Jan 19)
    - Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Henri Salo (Jan 19)