Date: Tue, 15 Mar 2016 10:23:31 -0400 (EDT)
From: cve-assign@...re.org
To: seb@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - SPIP: 2 vulnerabilities

> SPIP. Both are present in 3.x before 3.0.22 and 2.x before 2.1.19:

>   * PHP code injection when handling content. This is fixed in
>     https://core.spip.net/projects/spip/repository/revisions/22911
>     (defining the function itself is enough, as the global mechanism for
>     filters in SPIP automatically tries to lookup and filtre_foo_dist if
>     it exists)

Use CVE-2016-3153.


>   * Objects injection when deserializing untrusted input. This is fixed
>     in https://core.spip.net/projects/spip/repository/revisions/22903

Use CVE-2016-3154.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
