Message-ID: <alpine.LNX.2.00.1307221726590.28441@forced.attrition.org>
Date: Mon, 22 Jul 2013 17:28:35 -0500 (CDT)
From: security curmudgeon <jericho@...rition.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: webcalendar before 1.2.7

Kurt's reply is a good reminder of why he needs that information. Based on the original post, some of these have assignments.

: Security fix: Do not show the reason for a failed login (i.e. "no such user")

Likely CVE-2013-1422 / OSVDB 90668

: Security fix: Escape HTML characters in category name.

Likely CVE-2013-1421 / OSVDB 90669

: Security fix: Check all passed in fields (either via HTML form or via
: URL parameter) for certain malicious tags (script, embed, etc.) and
: generate fatal error if found.

This one seems like it may be new.