Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 18 Jun 2016 15:52:24 -0400 (EDT)
From: cve-assign@...re.org
To: scott@...agonie.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Simple Machines Forums - PHP Object Injection

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> The first one appears to have been fixed in the release-2.1 branch, but the
> other one still exists.

> https://github.com/SimpleMachines/SMF2.1/blob/404fd5347951652624dfb72304ee38fcab98378f/Sources/Packages.php#L863-L873

Use CVE-2016-5726.


> https://github.com/SimpleMachines/SMF2.1/blob/19ee85ff8761b792ea3e9ed630a947f45f93ee68/Sources/LogInOut.php#L125-L129

Use CVE-2016-5727.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXZaYTAAoJEHb/MwWLVhi2/+YP+wc2CtBwbz9Qs67YW8t1UXuS
wxH2Dw7r3VLuGmD5UJAZBYt4+7kGd8FdMijD4ZNT3EdfraEkD45u8sXmbx0P0y7E
qX178dTVoi3h7sJHlTOa5agRmGqS1uLbzWWxXSolAU8X6/FFO/7/cTOJBCVW0z02
R1GNIVuf8mJA0mgGZ3DDJy0RV/dnco3VO4LoRKy2uQHnz3XHWaKnZkrmkBmt+eGK
ZevSmz4OVVf6B/w8rx4BcAajdlGWS89epGZSeAPnZeTPeixQE7E6uOhRaGPif0h4
0JP4GsDbKNUjod7DnVEKkDV0bHxc2Z+SEQyBihahtvdSxwe2W0N5ZdMejHbw2f8f
kN+0EYIGbOdPJYAP0c35PKLyfhlDrUwF/iPNx2k+tTls1T8qX//gb8PuZoF0k2Ro
zO9MYrZTlM819fN1Y4oqpUsB1dhDgcPstQx8ptqI6KDVJP61KUgRv/ADga9cLulo
nYPDfcqd+swJUZxRnUgeJuwmsYDF8BZTUQJmR48wTiBCQEqrQN4PSyD11RZLcJUv
lUrKhv6zINxknlNMPyb72NMIcSfW1iMwc0SiuYNElY+pSliBrPyZ0jC8+Bhpt0QL
eFvKwmGRTnoWp6Ly7iK2nI8uwp5zS0bCKrjw7ZpVmh97vslA2iA+7yxohqNV7po5
mGc8to+TR4jrcCoFZy2E
=SRzi
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ