oss-sec mailing list archives
CVE request for BZ
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 23 Jan 2015 14:29:58 -0700
http://www.bugzilla.org/security/4.0.15/

one has a CVE, and this one does not:

Class: Information Leak
Versions: 2.23.3 to 4.0.15, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6, 4.5.1 to 4.5.6
Fixed In: 4.0.16, 4.2.12, 4.4.7, 5.0rc1

Description: Using the WebServices API, a user can possibly execute imported functions from other non-WebService modules. A whitelist has now been added that lists explicit methods that can be executed via the API.

References: https://bugzilla.mozilla.org/show_bug.cgi?id=1090275

was this classed as hardening hence no CVE? E.g. has no exploit been found, or?

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
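The class of issue the quoted advisory describes, and the allowlist fix, sketched in Perl as an added example that is not part of the original message and is not Bugzilla's code. The package Demo::WebService::Bug, the constant ALLOWED_METHODS, both dispatch subs and the request values are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical service package standing in for a WebService module.
package Demo::WebService::Bug;
use File::Basename qw(basename);          # helper imported for internal use only
use constant ALLOWED_METHODS => qw(get);  # explicit list of API methods

sub get {
    my ($class, $params) = @_;
    return "bug " . basename($params->{path});
}

package main;

# Before: any name the package can resolve is treated as an API method,
# including subs that "use" imported into the package's symbol table.
sub dispatch_by_name {
    my ($class, $method, $params) = @_;
    my $code = $class->can($method) or die "unknown method: $method\n";
    return $class->$code($params);
}

# After: the requested name must appear in the explicit allowlist first.
sub dispatch_allowlisted {
    my ($class, $method, $params) = @_;
    die "method not allowed: $method\n"
        unless grep { $_ eq $method } $class->ALLOWED_METHODS;
    my $code = $class->can($method) or die "unknown method: $method\n";
    return $class->$code($params);
}

my $class = 'Demo::WebService::Bug';
for my $method (qw(get basename ALLOWED_METHODS)) {    # constructed requests
    for my $d ([by_name     => \&dispatch_by_name],
               [allowlisted => \&dispatch_allowlisted]) {
        my ($label, $dispatch) = @$d;
        my $result = eval { $dispatch->($class, $method, { path => '/a/b/42' }) };
        printf "%-12s %-16s %s", $label, $method,
            defined $result ? "ran -> $result\n" : "rejected: $@";
    }
}
```

With name-based dispatch all three requests run, including the imported `basename` and the constant itself; with the allowlist only `get` runs and the other two are rejected before any lookup.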