Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE-request: Joomla core information disclosure 1.7.1
From: Henri Salo <henri () nerv fi>
Date: Fri, 2 Mar 2012 20:15:31 +0200

On Fri, Mar 02, 2012 at 10:03:06AM -0700, Kurt Seifried wrote:
Huh?

http://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html

and

http://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html

are entirely different issues (one is "Weak encryption causes potential
information disclosure" the other is "Inadequate error checking causes
potential information disclosure."), so two issues, two CVE's. We split
based on (among other things) the underlying issues, not the outcome.

These two CVE's are fine.

Definitely not my day. Sorry about that! My link should have been: http://secunia.com/advisories/46421/

- Henri Salo


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault