Date: Tue, 26 May 2015 06:26:05 -0400 (EDT)
From: cve-assign@...re.org
To: fungi@...goth.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request for read-only directory traversal in Etherpad frontend tests

There was no earlier reply. Note that the first message in the thread
apparently had an "Re: " at the beginning of the Subject line:

  http://openwall.com/lists/oss-security/2015/04/11/10

> a vulnerability in the frontend tests of previous Etherpad releases,
> which are enabled by default.

> https://github.com/ether/etherpad-lite/commit/5409eb314c4e072b9760b8d30b985fa0bb96a006

> fix an issue in the path handling that allowed directory traversal
>
> node/hooks/express/tests.js

Use CVE-2015-4085.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
