Date: Wed, 28 Mar 2012 09:38:58 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: CVE-request: e107 HTB23004 I won't veriify these vulnerabilities manually. Please assign 2011 CVE-identifier. Original advisory: https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html These vulnerabilities have been fixed in 12306 revision. Please do not ask me why changelog entry does not say anything about security problems. HTBridge has tested that vulnerabilities do not exist after patches. >From HTBridge: On the 6 of July a correction was released: http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?revision=12306&view=markup Details of this corrections are available here: http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306 Corrections for our vulnerabilities are marked as "User extended fields administration improvements and cleanup". The changelog: http://e107.org/svn_changelog.php?version=0.7.26 confirms that this correction was applied to e107 0.7.26 version. - Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ