[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Apr 2011 16:37:32 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE requests : Liferay 6.0.6
Sorry for the delay, this one was bigger than a breadbox so I needed to
find a block of time to handle it.
----- Original Message -----
> Hello,
>
> version 6.0.6 of Liferay correct 3 security vulnerabilities related to
> the processing of XSLT content and 2 XSS.
>
> The full 6.0.6 Changelog :
> http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
>
> Remote command execution :
> http://issues.liferay.com/browse/LPS-14726
Use CVE-2011-1501
> Arbitrary file disclosure via XXE :
> http://issues.liferay.com/browse/LPS-14927
Use CVE-2011-1502
> XSL/XML file disclosure via file:// :
> http://issues.liferay.com/browse/LPS-13762
Use CVE-2011-1503
> XSS vulnerability :
> http://issues.liferay.com/browse/LPS-11506
Use CVE-2011-1504
> XSS in message boards :
> http://issues.liferay.com/browse/LPS-12628
Use CVE-2011-1570
Thanks
--
JB
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
