|
Message-ID: <4F79E5A8.7090703@redhat.com> Date: Mon, 02 Apr 2012 11:45:12 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Filippo Cavallarin <filippo.cavallarin@...seq.it> Subject: Re: CVE request: OSClass directory traversal vulnerability On 04/02/2012 10:42 AM, Filippo Cavallarin wrote: > On 2 Apr 2012, at 5:53 PM, Kurt Seifried wrote: > >> On 04/02/2012 01:59 AM, Filippo Cavallarin wrote: >>> Hello, >>> Can i get a CVE identifier for this issue: >>> >>> http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability >>> >>> Thanks >>> >>> Filippo Cavallarin >>> >>> >>> C o d S e q >>> Development with an eye on security >>> ------------------------------------------------------------------------ >>> Castello 2005, 30122 Venezia >>> Tel: 041 88 761 58 - Fax: 041 81 064 714 - Cell: 346 66 93 254 >>> c.f. CVLFPP82B27L736J - p.iva 03737650279 >>> http://www.codseq.it - filippo.cavallarin@...seq.it >>> >> >> Please provide links to the original vendor advisory/ChangeLog/commits/etc. >> >> -- >> Kurt Seifried Red Hat Security Response Team (SRT) > > > The changelog can be found here > > http://osclass.org/blog/ > > Filippo Cavallarin The actual blog entry: http://osclass.org/blog/2012/03/05/osclass-2-3-6/ doesn't mention anything about directory traversal. Do you have a link on their site, or the commit showing the problem or the fix? -- Kurt Seifried Red Hat Security Response Team (SRT)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.