oss-sec mailing list archives

Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE


From: Moritz Muehlenhoff <jmm () debian org>
Date: Fri, 11 May 2012 22:06:48 +0200


Hi Kurt,

Issues in TYPO3-SA-2010-022 are still without CVE-identifiers if I
am correct.

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/


OSVDB: 70116,70117,70118,70119,70120,70121,70122,70123
http://secunia.com/advisories/35770/ 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607286

Originally requested in here
http://seclists.org/oss-sec/2011/q1/76

- Henri Salo

CVE-2012-2342 TYPO3-SA-2010-022 #1 frontend click enlarge XSS
CVE-2012-2343 TYPO3-SA-2010-022 #1 frontend form content object XSS
CVE-2012-2344 TYPO3-SA-2010-022 #2 PHP file inclusion protection API
CVE-2012-2345 TYPO3-SA-2010-022 #3 Install Tool XSS
CVE-2012-2346 TYPO3-SA-2010-022 #4 Backend Remote File Disclosure
CVE-2012-2347 TYPO3-SA-2010-022 #4 Backend Path Traversal
CVE-2012-2348 TYPO3-SA-2010-022 #4 Backend SQL Injection
CVE-2012-2349 TYPO3-SA-2010-022 #5 Database API info disclosure


split #1 because it affects different versions, split #4 because it's
3 separate issues, same as the vendor did.

But these are from 2010, they should not have 2012-* IDs?

Cheers,
        Moritz

