Date: Sun, 9 Feb 2014 19:30:11 -0500 (EST)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, 736969@...s.debian.org
Subject: Re: (possible) CVE request: suPHP 0.7.2 release fixed a possible arbitrary code execution

> suPHP 0.7.2 has been released.
> This release fixes a security issue that was introduced with the 0.7.0
> release. This issue affected the source-highlighting feature and could
> only be exploited, if the suPHP_PHPPath option was set. In this case
> local users which could create or edit .htaccess files could possibly
> execute arbitrary code with the privileges of the user the webserver
> was running as.

Use CVE-2014-1867. A commit reference isn't strictly necessary, but
without one we sometimes wait a short time for further information
before sending a CVE assignment, in case the issue (for example)
actually had multiple vulnerability types.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]