oss-sec mailing list archives
Re: CVE request: webcalendar before 1.2.7
From: security curmudgeon <jericho () attrition org>
Date: Mon, 22 Jul 2013 17:28:35 -0500 (CDT)
Kurt's reply is a good reminder of why he needs that information. Based on the original post, some of these have assignments.
: Security fix: Do not show the reason for a failed login (i.e. "no such user")

Likely CVE-2013-1422 / OSVDB 90668

: Security fix: Escape HTML characters in category name.

Likely CVE-2013-1421 / OSVDB 90669

: Security fix: Check all passed in fields (either via HTML form or via
: URL parameter) for certain malicious tags (script, embed, etc.) and
: generate fatal error if found.

This one seems like it may be new.