[pLog-svn] sql exploit?
Mark Wu
markplace at gmail.com
Tue Jun 10 13:13:40 EDT 2008
So, maybe we should send a mail to NIST and ask them to correct this?
> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> Sent: Wednesday, June 11, 2008 1:10 AM
> To: LifeType Developer List
> Subject: Re: [pLog-svn] sql exploit?
>
> That's what I thought they were talking about. But, it
> was updated today, and makes it look like it is across all versions.
>
> On Wed, 11 Jun 2008, Mark Wu wrote:
>
> > This bug exist in version 1.0.x, but already fixed after verion 1.1.
> >
> > Mark
> >
> >> -----Original Message-----
> >> From: plog-svn-bounces at devel.lifetype.net
> >> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> >> Sent: Wednesday, June 11, 2008 12:27 AM
> >> To: LifeType SVN
> >> Subject: [pLog-svn] sql exploit?
> >>
> >> Can anyone duplicate this? I can't on the current svn
> branch, and I
> >> downgraded to 1.2.8 and can't either.
> >>
> >> (I also checked Reto's blog, and got the same error as mine -
> >> error_fetching_album)
> >>
> >> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2629
> >>
> >> Maybe the security report has a typo in it, and it is only
> a drupal
> >> module that it is affected. The example exploit shows downloading
> >> lifetype from sourceforge...
> >>
> >>
> >> --
> >> Jon Daley
> >> http://jon.limedaley.com
> >> ~~
> >> I want to get quoted. I think I say enough stuff to get quoted.
> >> -- JoAnn Paul
> >> _______________________________________________
> >> pLog-svn mailing list
> >> pLog-svn at devel.lifetype.net
> >> http://limedaley.com/mailman/listinfo/plog-svn
> >
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.lifetype.net
> > http://limedaley.com/mailman/listinfo/plog-svn
> >
>
> --
> Jon Daley
> http://jon.limedaley.com
> ~~
> If it weren't for the last minute, nothing would get done.
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
More information about the pLog-svn
mailing list