oss-sec mailing list archives
Re: CVE Request: typo3 sql injection and open redirection
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 11 Mar 2013 20:44:10 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/09/2013 05:31 AM, Marcus Meissner wrote:
Hi, http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/ has 2 new security issues without apparent CVE...
Please use CVE-2013-1842 for Typo3 Extbase Framework SQL Injection Please use CVE-2013-1843 for Typo3 Access tracking mechanism Open Redirection
Kurt, is this in your scope, or more in Mitres?
I generally handle open source unless they are totally messy (I'm lazy =) or they go to Mitre first and I never get a chance any ways.
Ciao, Marcus
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRPpZ6AAoJEBYNRVNeJnmTHXQQAMglUJpq+bfXV0CQn+o8SbA0 qt36FhAdiwoMmxuXXjP181fjk8MakjpW/7N1psXfOmITOEFVmQUO415UyDqMAhDg P+2SHCHwir70WUlCa3Vshdt+xIGU8SPv36CsASnGuDZb0dp0MNuE5bz3vsJnZ/9N p5mvkoiOLeXb0WRXp4ALvrFABOBR71xNfQNiBfOzP9vOVZ/O9YUHJZ7Bg5whIxsn 97yF0kYMEqJNYUSY+MBgl4hfRG7uabZM1Fp+Ydj0keIZDS/vfZrwUA7LIMNzzrwo hzCvUOWi0IV4TP1PtPBj9R+G9KXKfUoKShOe6vSWmRiSikgoi5nNBT6Rc7PLIOGI uE8Gr7+NNx/JEOK5eCqqE9/5OHV9/bFD70vC5EYkKOO5s2OGlgVb2DDty3K69H/7 HSxKFR8SUJWRkFLuhuOdYKBaXDByo9DZ0elQPCxjuOTuf5KlItRPFdIO5q7RUct0 IV7CjGaifbcbayArnq/9ZpI4uFkN/ZP1fRzKXxes/gt48tBg55jUsHjUkm104TFb Abvl0xMqnCNCNX5avNy+ZQ3f5XyfscgHyK00fFITXeDx273mDJsHrFHTLoAX1VOT 4D7qM83Ef0/Xdjlvm4mLQxt2orh8juPjX3UpbQ4qNkET6n2pQJ/5je69qUzM/PY1 1w2xdDSzoTFA36UI4Jt5 =cWAY -----END PGP SIGNATURE-----
Current thread:
- CVE Request: typo3 sql injection and open redirection Marcus Meissner (Mar 09)
- Re: CVE Request: typo3 sql injection and open redirection Kurt Seifried (Mar 11)