oss-sec mailing list archives
Re: CVE request: Piwik before 1.7
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 13 May 2012 11:21:53 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/13/2012 03:57 AM, Hanno Böck wrote:
[...] Or to sum up: Piwik thinks "security by obscurity" is a good idea... I agree to Henri, we should assign CVEs anyway.
Ok well do a code diff and post it, XSS is usually pretty easy to spot in PHP. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPr+2xAAoJEBYNRVNeJnmTJjwP/iRNMVoCw8VRhsC9MbUchMj5 Hnmg0ILmQtqCGC/DUA2hUE8qJld+zIEhNvDlApVt16SSijhJxMYVudW3vIHtkrn/ TTfOx30WfV5BCMrmEVLyU2w9SKl5MK84OVM74x7Z4Eu1QGHTkcvs+DnQK6JK6vwe clLFoXJgyYyudZdOOp6mDY08K9ymqsZPCk9OhprB6gQBaCWyuzR6MNNvtK8zyLae hvUoH4qHs5vtAG0yn8YcYIOboiSEkEP0K6vkAHQ6pTtIDfQE7PmQ65NhE6r/713P XgAP/1vJrDAWXxvPmJWoFu7acFpBpaWBwk5G/SpokGd6m3En0D1wlJIfcWPg9Rxq M4zS8tcMddZLH0IeYR8clPcP+45TmrjDxU5VRJbNjpFl02Q4yoh7IYmFhTcUS5te Pz4j6PrwJNpZlIu9AOA0CD27PbT4HN7EtPGhB++b/HjzQJpu+8pzz1eOsBwjKhj/ deApfspAjXeV7PdTItAPfSuvrW+A1cr7ajPstVbMpeTD9eooaeu64FP5mAvuR+pR rJP7sNFAhItgqErSUmMG2CJVvTrHKlv7RxN4N6NNvZ24barz8kabQQZliZMgflCt dyeUtlq1jGYmhNwqOVY1SdPeWCHvdUcWHHldVdKSanuZw+vK55Ud83KtsrCLkU5/ gYEVbw8qL6C3hB05SUYM =m6R8 -----END PGP SIGNATURE-----
Current thread:
- CVE request: Piwik before 1.7 Hanno Böck (May 08)
- Re: CVE request: Piwik before 1.7 Kurt Seifried (May 08)
- Re: CVE request: Piwik before 1.7 Henri Salo (May 13)
- Re: CVE request: Piwik before 1.7 Hanno Böck (May 13)
- Re: CVE request: Piwik before 1.7 Kurt Seifried (May 13)
- Re: CVE request: Piwik before 1.7 Nicob (May 13)
- Re: CVE request: Piwik before 1.7 Henri Salo (May 13)
- Re: CVE request: Piwik before 1.7 Kurt Seifried (May 08)
- Re: CVE request: Piwik before 1.7 Henri Salo (Jun 07)