Date: Tue, 15 Mar 2016 13:51:38 +0100
From: Sébastien Delafond <seb@...ian.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request - SPIP: 2 vulnerabilities

Hello,

on behalf of the Debian Security Team, I'd like to request 2 CVEs for
SPIP. Both are present in 3.x before 3.0.22 and 2.x before 2.1.19:

 * PHP code injection when handling content. This is fixed in
   https://core.spip.net/projects/spip/repository/revisions/22911
   (defining the function itself is enough, as the global mechanism
   for filters in SPIP automatically tries to look up and
   filtre_foo_dist if it exists)

 * Object injection when deserializing untrusted input. This is
   fixed in
   https://core.spip.net/projects/spip/repository/revisions/22903

Cheers,

--Seb