oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: vanilla forums cookie theft, plugin access control

From: Josh Bressers <bressers () redhat com>
Date: Mon, 10 Oct 2011 14:32:14 -0400 (EDT)


----- Original Message -----

http://vanillaforums.org/discussion/14397/vanilla-2.0.17-released

two issues:

before 2.0.17.9 - [SECURITY] Fixed cookie theft vulnerability.


Use CVE-2011-3613





before 2.0.17.10 - [SECURITY] Fixed Facebook, Twitter, and Embed
plugins' access control.



Use CVE-2011-3614

Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: