Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 18 Jan 2012 14:59:26 -0700
From: Kurt Seifried <>
CC: Henri Salo <>
Subject: Re: CVE-request: NGS00109 remote code execution in
 ImpressPages CMS

On 01/15/2012 08:58 AM, Henri Salo wrote:
> This issue does not have CVE assigned. If I am correct this needs CVE from 2011 pool as original advisory was done in but details came in
> Vendor url:
> Secunia:
> eval() is evil()
> - Henri Salo
It was known as a security vuln in 2011, to 2011 CVE. Had it been
silently slipped out as an update but no info that it was security
related then it might warrant a 2012 CVE. Please use CVE-2011-4932 for
this issue.


-- Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ