[VIM] AW: AW: [Change Request] 21213: randshop /themes/kategorie/index.php Multiple Variable SQL Injection (fwd)

[security curmudgeon]

---------- Forwarded message ----------
From: Philipp Wunderlich <philipp.wunderlich at dierandgruppe.com>
To: 'security curmudgeon' <jericho at attrition.org>
Date: Thu, 8 Dec 2005 18:17:44 +0100
Subject: AW: AW: [OSVDB Mods] [Change Request] 21213: randshop
     /themes/kategorie/index.php Multiple Variable SQL Injection

Hi Brian,

now we got it. The actual version of the shop in the download section on
our website has the latest bugfix. I hope you can change now the status
on stable.

And now I get the Newsletter from Secunia an hope, that get more quickly
information of security problems in our system.

Thanx for your help.

--
cu & have fun
Philipp Wunderlich


-----Ursprüngliche Nachricht-----
Von: security curmudgeon [mailto:jericho at attrition.org]
Gesendet: Mittwoch, 7. Dezember 2005 21:09
An: Philipp Wunderlich
Betreff: Re: AW: [OSVDB Mods] [Change Request] 21213: randshop
/themes/kategorie/index.php Multiple Variable SQL Injection


: sorry, I see, that my workmate haven't update the shop. He only set
the
: information in den forum and the news section for a manual download
:
: I check this and inform you when the download version is also fixed.

Excellent, thanks!

: Another short question to you. Did you have a mailing list, where this

: kind of notifications will be published? I've only see the OSVDB Date
: mailing list and here would only projects published, which change the
: status to a stable status. But what about the new entries on your
: website?

We have a mail list that sends out entries that were made stable each
night. This list does not include all entries created for the day
though,
so it isn't necessarily the best for watching for brand new
vulnerabilities. For that, I would recommend you subscribe to Secunia's
mail list (daily mails) and SecurityTracker's list (one weekly summary).

Brian
OSVDB.org