Re: CVE request: joomla before 1.5.26 password change

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/27/2012 03:14 AM, Hanno Böck wrote:
> I think this one 
> http://developer.joomla.org/security/news/396-20120305-core-password-change.html
never got a CVE.
> Note what may be confusing: 1.5.25 and 1.5.26 both fixed a
> password change vuln, the earlier one already got a CVE
> (CVE-2011-4321), but they seem to be different issues.

Already assigned:

CVE-2012-1598 Joomla! 396-20120305-core-password-change.html

http://seclists.org/oss-sec/2012/q1/783


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQO67dAAoJEBYNRVNeJnmTlMIQAKQJ9zOPxhD7v7Z3zc61SLyW
tlu22cym3RMkLMnaWBl3gnVB78dqAw+NIr1fGNFHrhf1sSSmHzIAdzTA+obuYXbr
c18JntIk01QLIaPalakIf2RamebY+mg5fkrA7SlXsoz+qs9d1cUsCPm/1FYbwmaK
eyqafUYHbj0g3i20K2GKmKeNpfBMWmZlu/ljvcTz7Efypt80tkZUZIM9ZhjqhosA
ukftayKMbZ7czSF+/JSsp4JKMRYJlf8Ekhbjhukladba9nZQusvfUkcG2/J+iUHw
rzhhaXcNemmBf8uwP00QhrzpTOjhh0YLEDAPiigRaNhGEgen1aRmVrX7uPRuIpBj
xQpXj4h3jMBbqdJCZNn2UNYPu+tA9MgHKU35PLycHxhZTQVkrGj/qPaBrPeGs0CM
mtxfDmmez+Iht7mjEoJS5BVTUPIdFHWWqttZ0pg3PIYoiOexnMayc+PnG9sODHl3
9yF1nczfWK+arDFKHHdUCtMy2wLocy4///TLTo0Xe05aHyZdwRUQTWJWS/ZtV5Fn
vg/JGviZIjSp66w8gep3WlQY+9PoLBoPQ3g8qaTjymMYi/EfLoyAzWYColIvSoOY
vTF9RTd6N9HP+hB9KH0SREdg3qfvJT8yBSQkP4YyOGVoG04RWo/AWgjX+vhZC5pS
m/bjRjr/444IydIyNma0
=yEOr
-----END PGP SIGNATURE-----