Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: Curl insecure usage
From: Moritz Muehlenhoff <jmm () debian org>
Date: Wed, 2 Jan 2013 19:02:01 +0100

On Wed, Dec 26, 2012 at 12:38:19PM +0100, Moritz Muehlenhoff wrote:
On Thu, Nov 29, 2012 at 10:44:36PM +0100, Moritz Mühlenhoff wrote:
Also can someone collate and post a list of all the other apps using
curl insecurely and need CVE's with appropriate links to the
upstreams/etc? Thanks.

There are some, which are potentially affected, but where discussion
with upstream is still pending.
 
Here are two more. These are the last two remaining issues found by 
Alessandro Ghedini:
Please assign CVE IDs:

1. Zabbix
https://support.zabbix.com/browse/ZBX-5924

2. Moodle
This one is two-fold. First of all Moodle embeds PHP-Cas and Moodle is thus
affected by CVE-2012-5583 as well. (Same code, so same CVE ID).

Additionally there's another issue specific to Moodle, which requires a CVE
ID:
https://github.com/tpyo/amazon-s3-php-class/pull/36

Cheers,
        Moritz


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]