oss-sec mailing list archives
Re: CVE request: joomla before 1.5.26 password change
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 27 Aug 2012 11:31:10 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/27/2012 03:14 AM, Hanno Böck wrote:
I think this one http://developer.joomla.org/security/news/396-20120305-core-password-change.html
never got a CVE.
Note what may be confusing: 1.5.25 and 1.5.26 both fixed a password change vuln, the earlier one already got a CVE (CVE-2011-4321), but they seem to be different issues.
Already assigned: CVE-2012-1598 Joomla! 396-20120305-core-password-change.html http://seclists.org/oss-sec/2012/q1/783 - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQO67dAAoJEBYNRVNeJnmTlMIQAKQJ9zOPxhD7v7Z3zc61SLyW tlu22cym3RMkLMnaWBl3gnVB78dqAw+NIr1fGNFHrhf1sSSmHzIAdzTA+obuYXbr c18JntIk01QLIaPalakIf2RamebY+mg5fkrA7SlXsoz+qs9d1cUsCPm/1FYbwmaK eyqafUYHbj0g3i20K2GKmKeNpfBMWmZlu/ljvcTz7Efypt80tkZUZIM9ZhjqhosA ukftayKMbZ7czSF+/JSsp4JKMRYJlf8Ekhbjhukladba9nZQusvfUkcG2/J+iUHw rzhhaXcNemmBf8uwP00QhrzpTOjhh0YLEDAPiigRaNhGEgen1aRmVrX7uPRuIpBj xQpXj4h3jMBbqdJCZNn2UNYPu+tA9MgHKU35PLycHxhZTQVkrGj/qPaBrPeGs0CM mtxfDmmez+Iht7mjEoJS5BVTUPIdFHWWqttZ0pg3PIYoiOexnMayc+PnG9sODHl3 9yF1nczfWK+arDFKHHdUCtMy2wLocy4///TLTo0Xe05aHyZdwRUQTWJWS/ZtV5Fn vg/JGviZIjSp66w8gep3WlQY+9PoLBoPQ3g8qaTjymMYi/EfLoyAzWYColIvSoOY vTF9RTd6N9HP+hB9KH0SREdg3qfvJT8yBSQkP4YyOGVoG04RWo/AWgjX+vhZC5pS m/bjRjr/444IydIyNma0 =yEOr -----END PGP SIGNATURE-----
Current thread:
- CVE request: joomla before 1.5.26 password change Hanno Böck (Aug 27)
- Re: CVE request: joomla before 1.5.26 password change Kurt Seifried (Aug 27)