Date: Wed, 18 Jan 2012 14:59:26 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Henri Salo <henri@...v.fi> Subject: Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS On 01/15/2012 08:58 AM, Henri Salo wrote: > This issue does not have CVE assigned. If I am correct this needs CVE from 2011 pool as original advisory was done in http://seclists.org/bugtraq/2011/Sep/156 but details came in http://seclists.org/bugtraq/2012/Jan/28 > > Vendor url: http://www.impresspages.org/news/impresspages-1-0-13-security-release/ > Secunia: http://secunia.com/advisories/46193/ > OSVDB: http://osvdb.org/show/osvdb/75783 > > eval() is evil() > > - Henri Salo It was known as a security vuln in 2011, to 2011 CVE. Had it been silently slipped out as an update but no info that it was security related then it might warrant a 2012 CVE. Please use CVE-2011-4932 for this issue. -- -- Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ