The following bug has been fixed:
[-] PCI compliance scanners are failing because Courier IMAP is not PCI compliant
(Oct 8) It was discovered that bacula, a network backup service, does not properly enforce console ACLs. This could allow information about resources to be dumped by an otherwise-restricted client.
(Oct 8) Timo Warns discovered that the internal authentication server of hostapd, a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, is vulnerable to a buffer overflow when processing fragmented EAP-TLS messages. As a result, an internal overflow checking routine terminates …
The following bugs have been fixed:
[-] PCI compliance scanners are failing because Courier IMAP is not PCI compliant
[-] Parallels Premium Outbound Antispam license could not be applied due to wrong product name
[-] Russian locale has been updated
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 3.0.2 and earlier 3.0.x versions; version 2.5.8 and earlier 2.5.x versions.
- Exploit type: Information disclosure
- Reported Date: 2012-October-31
- Fixed Date: 2013-February-4
- CVE Number: CVE-2013-1453
Description
Method of encoding search terms led to possible information disclosure.
Affected Installs
Joomla! version 3.0.2 and earlier 3.0.x versions; version 2.5.8 and earlier 2.5.x versions.
Solution
Upgrade to version 3.0.3 or 2.5.9.
Reported by Egidio Romano
Contact
The JSST at the Joomla! Security Center.