oss-sec mailing list archives

CVE request: letodms multiple issues


From: Raphael Geissert <geissert () debian org>
Date: Mon, 27 Aug 2012 15:43:39 -0500

Hi,

Multiple vulnerabilities have been found in LetoDMS[1].
Could CVE ids be assigned, please? Thanks in advance.

They are said to be fixed in 3.3.7[2], quoting the changelog:

--------------------------------------------------------------------------

                    Changes in version 3.3.7
-------------------------------------------------------------------------- 
major security update which fixes lots of possible XSS and
CSRF attacks

Without looking at anything else other than the diff, I'm not personally 
convinced that the changes are enough/that there are no other 
vulnerabilities. That said, I'm most likely not going to spend time on it.

[1]http://www.exploit-db.com/exploits/20759/
[2]http://forums.letodms.com/showthread.php?tid=768

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

