Date: Fri, 10 Apr 2015 21:49:51 -0400 (EDT)
From: cve-assign@...re.org
To: fungi@...goth.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, security@...erpad.org
Subject: Re: CVE Request for read-only directory traversal in Etherpad Minify

> Backslashes are replaced with slashes in
> the path parameter of HTTP API calls after path normalization

> https://github.com/ether/etherpad-lite/commit/9d4e5f6e35153129377206ef545d4965afae627d

Use CVE-2015-3297.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
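
The ordering problem quoted above, shown as an added example that is not part of the original message and is not Etherpad's code: a path check that normalizes before converting backslashes sees a backslash-separated request as a single harmless segment, while converting first lets the same check reject it. The document root, function names and sample request paths are all constructed for illustration.

```javascript
// Added illustration; hypothetical names, not taken from the Etherpad source.
const ROOT = '/srv/app/static'; // constructed document root

// Minimal POSIX-style normalizer: only "/" separates segments,
// "." is dropped and ".." removes the previous segment when there is one.
function normalizePosix(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..' && out.length && out[out.length - 1] !== '..') out.pop();
    else out.push(seg);
  }
  return out.join('/');
}

// True when a normalized relative path would climb above its base.
function escapesBase(normalized) {
  return normalized === '..' || normalized.startsWith('../');
}

// Order described in the report: normalize, check, THEN convert "\" to "/".
// The check runs before the ".." segments exist as segments.
function resolveNormalizeFirst(requestPath) {
  const normalized = normalizePosix(requestPath);
  if (escapesBase(normalized)) return null;
  return ROOT + '/' + normalized.replace(/\\/g, '/');
}

// Corrected order: convert "\" to "/" first, then normalize and check,
// so the check sees the same segments the filesystem lookup will see.
function resolveConvertFirst(requestPath) {
  const normalized = normalizePosix(requestPath.replace(/\\/g, '/'));
  if (escapesBase(normalized)) return null;
  return ROOT + '/' + normalized;
}

// Constructed request paths: one benign, one with "/" and one with "\".
for (const req of ['js/pad.js', 'js/../../conf', 'js\\..\\..\\conf']) {
  console.log(JSON.stringify(req),
    '| normalize-first:', resolveNormalizeFirst(req),
    '| convert-first:', resolveConvertFirst(req));
}
```

A containment check is only meaningful when it runs on the final string handed to the file API; any transformation applied after the check reopens the question it was meant to answer.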
