oss-sec mailing list archives
Re: CVE Request -- Zabbix v1.8.2 and v.1.6.9
From: Moritz Muehlenhoff <jmm () inutil org>
Date: Fri, 2 Apr 2010 22:28:10 +0200
On Thu, Apr 01, 2010 at 03:31:18PM -0400, Josh Bressers wrote:
----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:Hi Steve, vendors, though April the First today, this doesn't seem to be a joke: a, Zabbix <= 1.8.1 SQL Injection [1] http://seclists.org/fulldisclosure/2010/Apr/1 [2] http://www.zabbix.com/rn1.8.2.phpUse CVE-2010-1144 for this one
Josh, in a later mail you've assigned the same ID to a libnids issue: | > http://freefr.dl.sourceforge.net/project/libnids/libnids/1.24/libnids-1.24.releasenotes.txt | > | > "v1.24 Mar 14 2010 | > - fixed another remotely triggerable NULL dereference in | > ip_fragment.c" | > | > [3] http://secunia.com/advisories/39225/ | > | > Could you allocate a CVE id for it? | > | | Please use CVE-2010-1144 Cheers, Moritz
Current thread:
- CVE Request -- Zabbix v1.8.2 and v.1.6.9 Jan Lieskovsky (Apr 01)
- Re: CVE Request -- Zabbix v1.8.2 and v.1.6.9 Josh Bressers (Apr 01)
- RE: CVE Request -- Zabbix v1.8.2 and v.1.6.9 Nicolas GREGOIRE (Apr 02)
- Re: CVE Request -- Zabbix v1.8.2 and v.1.6.9 Moritz Muehlenhoff (Apr 02)
- Re: CVE Request -- Zabbix v1.8.2 and v.1.6.9 Tomas Hoger (Apr 03)
- Re: CVE Request -- Zabbix v1.8.2 and v.1.6.9 Nicob (Apr 04)
- Re: CVE Request -- Zabbix v1.8.2 and v.1.6.9 Steven M. Christey (Apr 06)
- Re: CVE Request -- Zabbix v1.8.2 and v.1.6.9 Josh Bressers (Apr 01)