oss-sec mailing list archives
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection
From: Jeremy Stanley <fungi () yuggoth org>
Date: Wed, 14 Sep 2016 22:29:16 +0000
On 2016-09-14 10:22:58 -0600 (-0600), Kurt Seifried wrote:
> Ideally people should get CVEs and then post to oss-security with the information and the CVE. A lot of people consume the list data and the current method means that people end up searching their DBs, making sure it's new, then entering it, then updating it with a CVE. If people got CVEs first this would vastly simplify things.
At least for some projects, if a vulnerability is already public or becomes public prior to requesting a CVE privately from some CNA, it makes more sense to go ahead and widely inform the community (via this ML and elsewhere) and then associate a CVE with it afterward. While having a unique identifier is important, I think rapid dissemination of vulnerabilities so that downstream users can patch their systems is more important.
--
Jeremy Stanley