Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 14 Dec 2009 17:37:45 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request - Open Flash Chart v2

Here's a link to the Secunia advisory as a reference:
http://secunia.com/advisories/37078/

Please use CVE-2009-4140 for this.

Thanks.

-- 
    JB


----- "Anthon Pang" <anthon.pang@...il.com> wrote:

> The Piwik project released an advisory re: the inclusion of
> ofc_upload_image.php -- a potentially exploitable file from the
> php-ofc-library offered by the Open Flash Chart project.
> 
> -
> http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/
> 
> Since Open Flash Chart is used by web sites and open source projects,
> a common CVE makes sense.
> 
> Open Flash Chart:  Affected v2 Beta 1 through v2 Lug Wyrm Charmer. 
> Fixed: no
> Piwki:  Affected: 0.2.35 through 0.4.3.  Fixed in 0.4.4.  (Removed
> file)
> Open Web Analytics:  Affected: 1.2.  Fixed in svn.  (Removed file)
> 
> Other web sites/projects:
> -
> http://www.google.com/search?q=php-ofc-library+ofc_upload_image.php+-piwik
> - http://www.google.com/codesearch?q=ofc_upload_image.php

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ