Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <200905121625.48260.hanno@hboeck.de>
Date: Tue, 12 May 2009 16:25:48 +0200
From: Hanno Böck <hanno@...eck.de>
To: Tomas Hoger <thoger@...hat.com>
Cc: oss-security@...ts.openwall.com,
  Steven Christey <coley@...us.mitre.org>
Subject: Re: CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution

Am Dienstag 12 Mai 2009 schrieb Tomas Hoger:
> Was this meant as CVE request?  Upstream changelog does mention CVEs
> for the issues, as well as upstream SVN commits and security page:
>   http://www.squirrelmail.org/security/

Thanks for the note, the release notes didn't mention them and they were not 
up on nvd.nist.org, so I didn't find them.

-- 
Hanno Böck		Blog:		http://www.hboeck.de/
GPG: 3DBD3B20		Jabber/Mail:	hanno@...eck.de
http://ausdenaugenausdemsinn.de - Kein Sicherheitsrabatt für CO2-Speicher
http://tinyurl.com/dceu73 - Internetzensur stoppen!

http://schokokeks.org - professional webhosting

Download attachment "signature.asc " of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.