oss-sec mailing list archives

CVE request for BZ


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 23 Jan 2015 14:29:58 -0700

http://www.bugzilla.org/security/4.0.15/

one has a CVE, and this one does not:

Class:       Information Leak
Versions:    2.23.3 to 4.0.15, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6, 4.5.1 to 4.5.6
Fixed In:    4.0.16, 4.2.12, 4.4.7, 5.0rc1
Description: Using the WebServices API, a user can possibly execute imported
             functions from other non-WebService modules. A whitelist has now
             been added that lists explicit methods that can be executed via
             the API.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=1090275

was this classed as hardening hence no CVE? E.g. has no exploit been
found, or?

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
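
The failure mode in the quoted advisory and the allowlist fix it describes, as an added example that is not part of the original message and is not Bugzilla's code: in Perl an imported function sits in the importing package's symbol table, so a dispatcher that resolves method names with can() finds it alongside the real API methods. All package, function and constant names below are hypothetical, and the returned values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical non-WebService helper module; the return value is constructed.
package My::Util;
sub read_localconfig { return 'db_pass=constructed-secret' }

# Hypothetical WebService class (illustrative names, not Bugzilla's code).
package My::WebService::Bug;
# Stand-in for "use My::Util qw(read_localconfig);": an import aliases the
# function into this package's symbol table, next to the real API methods.
BEGIN { *read_localconfig = \&My::Util::read_localconfig }
# Explicit list of the methods that may be called through the API.
use constant PUBLIC_METHODS => qw(get);
sub get { my ($class, $params) = @_; return "bug $params->{id}" }

package main;

# Before: any name that resolves in the class is callable, imports included.
sub dispatch_open {
    my ($class, $method, $params) = @_;
    my $code = $class->can($method) or die "no such method: $method\n";
    return $class->$code($params);
}

# After: the name must be on the class's explicit list before it is resolved.
sub dispatch_allowlisted {
    my ($class, $method, $params) = @_;
    die "method not exposed: $method\n"
        unless grep { $_ eq $method } $class->PUBLIC_METHODS;
    return $class->can($method)->($class, $params);
}

# Run both dispatchers against a real API method and an imported helper.
for my $method (qw(get read_localconfig)) {
    for my $d ([open => \&dispatch_open], [allowlisted => \&dispatch_allowlisted]) {
        my ($label, $dispatch) = @$d;
        my $out = eval { $dispatch->('My::WebService::Bug', $method, { id => 42 }) };
        chomp(my $err = $@);
        printf "%-11s %-16s -> %s\n", $label, $method,
            defined $out ? $out : "refused ($err)";
    }
}
```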
