oss-sec mailing list archives

Re: Instant v2.0 SQL Injection Vulnerability


From: Solar Designer <solar () openwall com>
Date: Tue, 10 Mar 2015 23:42:21 +0300

On Tue, Mar 10, 2015 at 01:12:16PM -0400, cve-assign () mitre org wrote:
> Also, note that this vendor (apparently from Iowa in the U.S.) is not
> the same as the InstantCMS vendor (see CVE-2013-6839), apparently
> located in Russia.

This is what confused me into accepting the message for oss-security.
I found this website:

http://www.instantcms.ru/get

which says (in Russian) that InstantCMS is licensed under GNU GPLv2.

If the message was about a proprietary product (or a SaaS offering?),
then ideally we should have rejected it... but as discussed before, it's
unrealistic for list moderators to investigate these things thoroughly.

Alexander

