oss-sec mailing list archives
Re: CVE-request: galette sql injection
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 10 May 2012 20:26:57 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/10/2012 01:06 PM, Johan Cwiklinski wrote:
Hello, Versions 0.63x of galette (out-of-date but mostly used versions for now) have an sql injection vulnerability. Could a CVE be assigned for this vulnerability? This issue has been reported on project's tracker: http://redmine.ulysses.fr/issues/250 The issue has been fixed (http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba),
a new release and an official announcment from the project will come
very soon. Thank you!
Please use CVE-2012-2338 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPrHjxAAoJEBYNRVNeJnmTH3QP/2ndZBsV5A9QDGw4CEnOQEt8 Ms7rX5dMFw1BePrDAk5/AauHEyzS660XuXzfkppA7LYP84s2QZTAYYy4REUAxO47 cDIuLlq2ECIE4EtBIzgvF6c1hNiXznlwgu2woXgxRxiCR/9rYK/v3xZCCDL21MOq jhMm8vLhPNcfa5c2R7ywvFPGq8J5vMnLzlLkKp+1sU61xketv/deH2+LwnBhZNhW h+PRLmfCLDS39IhZJmPvoRRIMe5Fuu9mV7Qu/1CKTze0WLclzBPlf6PXOO309op+ htOrjOAmXxWLbw1PXEj9ih35YN8ByT+MMGdaQQ0nnD06Mp/o+7bdSq5Pl12oTVEo 8f9xFHUN22XydT95y19XymTnZzOv4yAfs18WIPzZOkwH54N11WovXPUJCzWywHcl 0/Bb/KXa8s0KCQT2iPzB8PS7K5+7dN1KMAB8IsIcYE7S7Mk/AuDQH1TNtDvwbw6K n9SC9IzLJardoavhSPWMJDYugCW993OiHiBI6V+CX1i+y+tyOMC3tgYl7RQ/Zilv hzjrHgP7H6B2/87qS82Vz0lLiy8nSsCeSdv336N85On6WWTnKJIwydaKhMe8cXsl 6wmKRRH+nM2cCv9WEk4mW2YZ6AElJMX3CHpTvz8kkqYW7WE5cOGmXEQda/licsZj qUkzRgNIFPZdWnq2Uzl6 =z3ba -----END PGP SIGNATURE-----
Current thread:
- CVE-request: galette sql injection Johan Cwiklinski (May 10)
- Re: CVE-request: galette sql injection Kurt Seifried (May 10)