oss-sec mailing list archives

Re: CVE-request: galette sql injection


From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 10 May 2012 20:26:57 -0600


On 05/10/2012 01:06 PM, Johan Cwiklinski wrote:
> Hello,
>
> Versions 0.63x of galette (out-of-date but mostly used versions for
> now) have an sql injection vulnerability.
>
> Could a CVE be assigned for this vulnerability?
>
> This issue has been reported on project's tracker:
> http://redmine.ulysses.fr/issues/250
>
> The issue has been fixed
> (http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba),
> a new release and an official announcement from the project will come
> very soon.
>
> Thank you!

Please use CVE-2012-2338 for this issue.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


