Date: Mon, 03 Sep 2012 02:23:18 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>, pawel.wylecial@...il.com
Subject: Re: CVE-request: CakePHP XXE injection

On 09/02/2012 11:35 PM, Henri Salo wrote:
> Could you assign a 2012 CVE identifier for this issue?
> 
> Original advisory: http://seclists.org/bugtraq/2012/Jul/101
> Vendor security advisory: http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
> OSVDB: http://osvdb.org/show/osvdb/84042
> 
> "CakePHP 2.1.5 and 2.2.1 have just been released. If you are using
> CakePHP's `Xml` class, you should upgrade as soon as possible."
> 
> - Henri Salo

Please use CVE-2012-4399 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

