oss-sec mailing list archives

Re: CVE Request: typo3 sql injection and open redirection

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 11 Mar 2013 20:44:10 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/09/2013 05:31 AM, Marcus Meissner wrote:

Hi,

http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/


has 2 new security issues without apparent CVE...


Please use CVE-2013-1842 for Typo3 Extbase Framework SQL Injection

Please use CVE-2013-1843 for Typo3 Access tracking mechanism Open
Redirection

Kurt, is this in your scope, or more in Mitres?


I generally handle open source unless they are totally messy (I'm lazy
=) or they go to Mitre first and I never get a chance any ways.

Ciao, Marcus




- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRPpZ6AAoJEBYNRVNeJnmTHXQQAMglUJpq+bfXV0CQn+o8SbA0
qt36FhAdiwoMmxuXXjP181fjk8MakjpW/7N1psXfOmITOEFVmQUO415UyDqMAhDg
P+2SHCHwir70WUlCa3Vshdt+xIGU8SPv36CsASnGuDZb0dp0MNuE5bz3vsJnZ/9N
p5mvkoiOLeXb0WRXp4ALvrFABOBR71xNfQNiBfOzP9vOVZ/O9YUHJZ7Bg5whIxsn
97yF0kYMEqJNYUSY+MBgl4hfRG7uabZM1Fp+Ydj0keIZDS/vfZrwUA7LIMNzzrwo
hzCvUOWi0IV4TP1PtPBj9R+G9KXKfUoKShOe6vSWmRiSikgoi5nNBT6Rc7PLIOGI
uE8Gr7+NNx/JEOK5eCqqE9/5OHV9/bFD70vC5EYkKOO5s2OGlgVb2DDty3K69H/7
HSxKFR8SUJWRkFLuhuOdYKBaXDByo9DZ0elQPCxjuOTuf5KlItRPFdIO5q7RUct0
IV7CjGaifbcbayArnq/9ZpI4uFkN/ZP1fRzKXxes/gt48tBg55jUsHjUkm104TFb
Abvl0xMqnCNCNX5avNy+ZQ3f5XyfscgHyK00fFITXeDx273mDJsHrFHTLoAX1VOT
4D7qM83Ef0/Xdjlvm4mLQxt2orh8juPjX3UpbQ4qNkET6n2pQJ/5je69qUzM/PY1
1w2xdDSzoTFA36UI4Jt5
=cWAY
-----END PGP SIGNATURE-----

Current thread:

CVE Request: typo3 sql injection and open redirection Marcus Meissner (Mar 09)
- Re: CVE Request: typo3 sql injection and open redirection Kurt Seifried (Mar 11)