Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 Mar 2016 13:51:38 +0100
From: S├ębastien Delafond <>
Subject: CVE request - SPIP: 2 vulnerabilities


on behalf of the Debian Security Team, I'd like to request 2 CVEs for
SPIP. Both are present in 3.x before 3.0.22 and 2.x before 2.1.19:

  * PHP code injection when handling content. This is fixed in
    (defining the function itself is enoug, as the global mechanism for
    filters in SPIP automatically tries to lookup and filtre_foo_dist if
    it exists)

  * Objects injection when deserializing untrusted input. This is fixed



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ