oss-sec mailing list archives
Re: Fwd Joomla! Security News 2012-01
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 29 Jan 2012 22:26:15 -0700
Oh dang, assigned the wrong year. Please use these instead:

CVE-2012-0819 Joomla! 382-20120101-core-information-disclosure.html
CVE-2012-0820 Joomla! 383-20120102-core-xss-vulnerability.html
CVE-2012-0821 Joomla! 384-20120103-core-information-disclosure.html
CVE-2012-0822 Joomla! 385-20120104-core-xss-vulnerability.html

On 01/26/2012 04:30 PM, Kurt Seifried wrote:
Well no-one spoke up so I'm assuming no CVE's have been issued for these issues yet.

///////////////////////////////////////////
[20120101] - Core - Information Disclosure
Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/MYKnZ2QJKYE/382-20120101-core-information-disclosure.html?utm_source=feedburner&utm_medium=email
http://developer.joomla.org/security/news/382-20120101-core-information-disclosure.html

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2012-January-07
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to information disclosure.

Affected Installs
Joomla! version 1.7.3 and all earlier versions

Solution
Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Cyrille Barthelemy

Contact
The JSST at the Joomla! Security Center.

Please use CVE-2011-4933 for this issue (382-20120101-core-information-disclosure.html)
REJECT CVE-2011-4933 Please use CVE-2012-0819 for this issue (382-20120101-core-information-disclosure.html)

///////////////////////////////////////////
[20120102] - Core - XSS Vulnerability
Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/XAEsWEG3dgU/383-20120102-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
developer.joomla.org/security/news/383-20120102-core-xss-vulnerability.html

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: XSS Vulnerability
Reported Date: 2011-November-16
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to XSS vulnerability.

Affected Installs
Joomla! version 1.7.3 and all earlier versions

Solution
Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Ankita Kapadia

Contact
The JSST at the Joomla! Security Center.

Please use CVE-2011-4934 for this issue (383-20120102-core-xss-vulnerability.html)
REJECT CVE-2011-4934 Please use CVE-2012-0820 for this issue (383-20120102-core-xss-vulnerability.html)

///////////////////////////////////////////
[20120103] - Core - Information Disclosure
Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/Ed0TMAvyQ4g/384-20120103-core-information-disclosure.html?utm_source=feedburner&utm_medium=email
http://developer.joomla.org/security/news/384-20120103-core-information-disclosure.html

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2011-December-19
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to information disclosure.

Affected Installs
Joomla! version 1.7.3 and all earlier versions

Solution
Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Jean-Marie Simonet

Contact
The JSST at the Joomla! Security Center.

Please use CVE-2011-4935 for this issue (384-20120103-core-information-disclosure.html)
REJECT CVE-2011-4935 Please use CVE-2012-0821 for this issue (384-20120103-core-information-disclosure.html)

///////////////////////////////////////////
[20120104] - Core - XSS Vulnerability
Posted: 23 Jan 2012 01:45 AM PST
http://developer.joomla.org/security/news/385-20120104-core-xss-vulnerability.html

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier versions
Exploit type: XSS Vulnerability
Reported Date: 2012-January-22
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to XSS vulnerability.

Affected Installs
Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions

Solution
Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by David Jardin

Contact
The JSST at the Joomla! Security Center.

Please use CVE-2011-4936 for this issue (385-20120104-core-xss-vulnerability.html)
REJECT CVE-2011-4936 Please use CVE-2012-0822 for this issue (385-20120104-core-xss-vulnerability.html)

--
Kurt Seifried
Red Hat Security Response Team (SRT)