[geeklog-devel] Geeklog in osvdb.org

Dirk Haun dirk at haun-online.de
Fri Apr 2 13:15:30 EST 2004


A new site, called the open source vulnerability database, has been launched:

    http://www.osvdb.org/

Even though it's a (relatively) new site, they also list old
vulnerabilities. Not surprisingly, it also has information on 12 issues
with Geeklog:

    http://www.osvdb.org/searchdb.php?
action=search_title&vuln_title=geeklog&Search=Search

Some of the entries don't list any details yet, since they are "lacking
proper or complete infomation, and is in queue for processing by either a
Data Mangler or Moderator."

Others do list details. However, they also contain incorrect information.
E.g. <http://www.osvdb.org/displayvuln.php?osvdb_id=3273> refers to the
file management plugin, and recommends " Upgrade to version 1.3.8-1sr3 or
higher, as it has been reported to fix this vulnerability." which is of
course not correct.

Another example: <http://www.osvdb.org/displayvuln.php?osvdb_id=2253>
refers to problems that were found in the forum.

*sigh* I guess I have to work my way through those and send in corrections.

I'll CC: the list when I do that (which may take a while ...).

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/




More information about the geeklog-devel mailing list