[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0809152115580.6953@faron.mitre.org>
Date: Mon, 15 Sep 2008 21:19:18 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: coley@...re.org
Subject: Re: CVE request: joomla < 1.5.7
On Thu, 11 Sep 2008, Hanno [utf-8] Böck wrote:
> http://www.joomla.org/announcements/release-news/5212-joomla-157-security-release-now-available.html
>
> Security
>
> * Several security issues were fixed in this release. There was 1
> critical, 1 major and 2 moderate security vulnerabilities fixed in 1.5.7. For
> more information, visit the Security Center.
more details were from http://developer.joomla.org/security.html
[20080902] - Core - Random Number Generation Flaw
http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html
Use CVE-2008-4102
------
[20080903] - Core - com_mailto Spam
http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html
Use CVE-2008-4103
------
[20080904] - Core - Redirect Spam
http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html
Use CVE-2008-4104
------
[20080901] - Core - JRequest Variable Injection
http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html
Use CVE-2008-4105
- Steve
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
