oss-sec mailing list archives
CVE request: letodms multiple issues
From: Raphael Geissert <geissert () debian org>
Date: Mon, 27 Aug 2012 15:43:39 -0500
Hi,

Multiple vulnerabilities have been found in LetoDMS[1]. Could CVE ids be assigned, please? Thanks in advance.

They are said to be fixed in 3.3.7[2], quoting the changelog:

--------------------------------------------------------------------------
Changes in version 3.3.7
--------------------------------------------------------------------------
major security update which fixes lots of possible XSS and CSRF attacks

Without looking at anything else other than the diff, I'm not personally convinced that the changes are enough/that there are no other vulnerabilities. That said, I'm most likely not going to spend time on it.

[1] http://www.exploit-db.com/exploits/20759/
[2] http://forums.letodms.com/showthread.php?tid=768

Regards,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net