On Wed, Dec 21, 2005 at 08:52:37PM +0100, Martin Schulze wrote:
> I've added
>
> CVE-2005-3536
>
> Missing input sanitising of the topic type allows remote attackers
> to inject arbitrary SQL commands.

ack.

> CVE-2005-3537
>
> Missing request validation permitted remote attackers to edit
> private messages of other users.

Edit, *and read*.

> to the advisory.
>
> Thanks a lot!

I'll add those CVE id's to our svn for unstable and for any potential further
stable update.

Thank you for the continued hard work on security stuff,
--Jeroen

--
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl