Date: Mon, 27 May 2013 12:01:07 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Salvatore Bonaccorso <carnil@...ian.org>,
        David Prévot <taffit@...ian.org>
Subject: Re: CVE Request: SPIP privilege escalation


On 05/25/2013 08:17 AM, Salvatore Bonaccorso wrote:
> Hi Kurt
> 
> SPIP 3.0.9, 2.1.22 and 2.0.23 fixed a privilege escalation vulnerability,
> where a user can take editorial control on the site.  The upstream announcement
> is at [1] and the upstream commit fixing it is [2].
> 
> I'm CC'ing David Prévot, Debian maintainer for spip (there does not seem
> to be an English translation of the announcement available right now).
> 
>  [1] http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr
>  [2] http://core.spip.org/projects/spip/repository/revisions/20541 
>  [3] http://bugs.debian.org/709674
> 
> Could a CVE be assigned to this issue for better tracking?
> 
> Regards,
> Salvatore

Please use CVE-2013-2118 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
