lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 18 Dec 2011 14:33:55 +0200
From: Henri Salo <henri@...v.fi>
To: security curmudgeon <jericho@...rition.org>, advisory@...ridge.ch
Cc: bugtraq@...urityfocus.com
Subject: Re: RFI in JAF CMS

On Sat, Apr 02, 2011 at 12:31:28AM -0500, security curmudgeon wrote:
> CVE-2008-1609 & CVE-2006-7128
> 
> same issue, 4.0 RC1 and RC2. really guys? at least check VDBs before you 
> publish.
> 
> : Vulnerability ID: HTB22666
> 
> : Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
> 
> Did you check the vendor's page?
> 
> This page last updated on : May 20, 2006

This is still listed in htbridge web-page. Sadly www.attrition.org/errata/ doesn't work anymore. They listed lots of similar announcements.

https://www.htbridge.ch/advisory/rfi_in_jaf_cms.html
http://webcache.googleusercontent.com/search?q=cache:bXCSV_g236EJ:attrition.org/errata/charlatan/htbridge/advisory_errata.html&hl=en&strip=1

- Henri Salo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ