Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 27 May 2013 12:01:07 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Salvatore Bonaccorso <carnil@...ian.org>,
        David Pré
 vot <taffit@...ian.org>
Subject: Re: CVE Request: SPIP privilege escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/25/2013 08:17 AM, Salvatore Bonaccorso wrote:
> Hi Kurt
> 
> SPIP 3.0.9, 2.1.22 and 2.0.23 fixed a privilege escalation vulerability,
> where an user can take editorial control on the site.  Upstream announce
> is at [1] and the upstream commit fixing it is [2].
> 
> I'm CC'ing David Prévot, Debian maintainer for spip (there does not seem
> to be a english translation of the announce available right now).
> 
>  [1] http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr
>  [2] http://core.spip.org/projects/spip/repository/revisions/20541 
>  [3] http://bugs.debian.org/709674
> 
> Could a CVE be assigned to this issue for better tracking?
> 
> Regards,
> Salvatore

Please use CVE-2013-2118 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRo59iAAoJEBYNRVNeJnmTGowP/Aw8ICe0RweKkV0oyR35lFkd
GGWj34hmYW+AqQAZB9CZ6CwAW7HiDnbUOd607kwu856x8C7fq+C1vRFKQJFBbomg
iVu5SJtpAD3XffuzqIV3ufpqAh8Z3u9NLrlfrgRbTOvr08zN5pdsT8mMJTO/2DtU
6mbDG6wnrFOPtYBZLaSJDXroFd69F+uHQn60sK1v07KVlyKtkGHNSsgzhr7GN+zj
i4x6hBo5AytQg3tOJfLBvTmJrGU47P71zXNLiON+F+Xow75brLM3DHBI14hfnZqR
5VewPkr+wrrr3ytsypBIlPU79rUcb8OyhdV2ozowB1Iq2s4eWA4r0VFRZ+iXoGqg
vOVNivMHadqK3AezGulgOBuVzofysJFX3Wr4o5jx6gsLQn4nj7ZEK/lh6ZGDzJj4
VT2FP5r7sLbMxLj4jGqxmae1Crqe4JtDdFuuEt+oZ/sM2BF0kH+saR1lUkrvvsqC
KT/G2f7pivgG/3y3T+sujRvFvnWXykv50mRGG3qgHUBBHuBykaC9Tl2WOHSJiXz2
V4DpesTCmWNMdEtQ7Xue+X8bk8Hg/qE/8wnn2KF6kOPlkHIp7VpTsawE+vzX4bJe
PY47QWim4tD0czV1jGn0vE8Af/TNlLgRwf69PXSLvA/97m3KuSDLbC5BL5HoN7za
7IKLZN/XTB3uyOZYEmGb
=qn2v
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ