[VIM] BID 48170 Confusion

rkeith rkeith at securityfocus.com
Thu Jun 9 13:50:16 CDT 2011


BID 48170 was based off of the following:

http://permalink.gmane.org/gmane.comp.security.oss.general/5223

We suspected it might have been related to 45600, but couldn't tie the two together.

-Rob

On 06/08/2011 07:14 PM, George A. Theall wrote:
> I'm confused by BID 48170.  The discussion says there's an unspecified XSS vulnerability in Coppermine Photo Gallery and that versions before 1.4.27
> and 1.5.12 are affected.
> 
> The 1.4.27 release announcement referenced in the BID shows it was published on May 20th, 2010 and credits Ilja van Sprundel for discovering the
> vulnerability.
> 
> The 1.5.12 release announcement referenced in the BID shows it was published on January 2nd, 2011 and credits Janek Vind.
> 
> Are these really referring to the same issue? Rob?
> 
> Also for what it's worth, BID 45600 concerns a set of XSS vulnerabilities reported by Janek Vind at the very end of 2010 in Coppermine 1.5.10. 
> SecurityFocus doesn't have any info on a fix, but Secunia in SA42751 reports the issues were addressed in 1.5.12.
> 
> George


