lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun Aug 21 19:47:28 2005
From: hugues.peeters at claroline.net (Hugues Peeters)
Subject: Re: Erroneous Informations - Multiple directory
 traversal vulnerabilities in Claroline

Dear Sir,

Your web site states at the address below that our application,
Claroline, suffer from several security holes.

http://seclists.org/lists/fulldisclosure/2005/Aug/0394.html

As I have emailed to the author of this warning four days ago
(see my message below), Claroline is NOT concerned by these
security holes. The application affected by these problems is
DOKEOS (http://www.dokeos.com), not Claroline. Dokeos is a fork
of Claroline coded by another development team from nearly two
years now.

Could you rectify the security warnings you have published as
soon as possible ? As the erroneous informations published on
your site inflict serious damage on our reputation.

Best regards,

Hugues Peeters
----
phone  : 32 (0) 10 47 85 48
e-mail : hugues.peeters@...roline.net
web    : http://www.claroline.net
----

 > Thanks a lot to have warned us of these code vulnerabilities. However
 > the code you have investigated is the Dokeos application code, a
 > Claroline fork.
 >
 > Two of the for security holes you've identified concern the 'Scorm'
 > module, which is a proper Dokeos development. Beside, we've tested the
 > other two identified security holes in our 'Document' module, we've
 > concluded that Claroline isn't affected by these ones.
 >
 > Thanks anyway to have notified us of these security issues. We forward
 > you warning mail to the concerned development staff. Don't hesitate to
 > contact us again if you find similar security problems in the original
 > Claroline application.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ