Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE-request: Joomla core information disclosure 1.7.1
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 02 Mar 2012 10:21:41 -0700


Huh?

http://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html

and

http://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html

Sorry that second one should have been:

http://developer.joomla.org/security/news/370-20111001-core-information-disclosure.html

are entirely different issues (one is "Weak encryption causes potential
information disclosure" the other is "Inadequate error checking causes
potential information disclosure."), so two issues, two CVE's. We split
based on (among other things) the underlying issues, not the outcome.

These two CVE's are fine.



-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault