oss-sec mailing list archives

Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 09 Oct 2012 22:58:11 -0600

On 10/07/2012 10:30 AM, Henri Salo wrote:
Hello,

I think these two Joomla security issues do not have
CVE-identifiers:

http://www.joomla.org/announcements/release-news/5463-joomla-2-5-7-released.html


http://secunia.com/advisories/49678/
Versions: 2.5.6 and all earlier 2.5.x versions

1)
http://developer.joomla.org/security/news/539-20120901-core-xss-vulnerability

2)
http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerability


http://osvdb.org/show/osvdb/83490
http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt

- Henri Salo


I'm wondering, there seem to be some gaps in Joomla CVE assignments,
are there other Joomlas that need CVEs as well?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


