
oss-sec mailing list archives

CVE request (maybe): magento before
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 31 Dec 2012 10:32:25 +0100


http://www.magentocommerce.com/download/release_notes changelog lists this:
"Fixed: Security vulnerability in Zend_XmlRpc -
http://framework.zend.com/security/advisory/ZF2012-01 "

I don't know if we consider bundled libs issues as extra CVE. The
original one is CVE-2012-3363.

Also, Magento has this:
"Fixed: Several potential security vulnerabilities"

Yeah, I like it if vendors are so verbose about their
vulnerabilities... And here are some people defending the "security by
obscurity" standpoint of Magento:

(I seriously consider this is an issue that should be highlighted more -
we recently had piwik devs arguing in a similar way for obscurity - free
software doesn't protect you from dumb developers thinking that
obscurity may be a good idea)

Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/
