Date: Fri, 7 Oct 2016 16:35:57 +0200
From: Sysdream Labs <labs@...dream.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com, spip-team-owner@...o.net
Subject: Re: SPIP vulnerabilities: request for 5 CVE

Thanks.

> 
> Is there public information about this already on an spip.net web site
> (such as a Redmine revision) or the https://sysdream.com/news/lab/ web
> site? Is this unrelated to the valider_xml.php script?
> 

All the fixes related to the issues are here:

* https://core.spip.net/projects/spip/repository/revisions/23179
* https://core.spip.net/projects/spip/repository/revisions/23180
* https://core.spip.net/projects/spip/repository/revisions/23181
* https://core.spip.net/projects/spip/repository/revisions/23182
* https://core.spip.net/projects/spip/repository/revisions/23183
* https://core.spip.net/projects/spip/repository/revisions/23184
* https://core.spip.net/projects/spip/repository/revisions/23185
* https://core.spip.net/projects/spip/repository/revisions/23186
* https://core.spip.net/projects/spip/repository/revisions/23187
* https://core.spip.net/projects/spip/repository/revisions/23188
* https://core.spip.net/projects/spip/repository/revisions/23189
* https://core.spip.net/projects/spip/repository/revisions/23190
* https://core.spip.net/projects/spip/repository/revisions/23191
* https://core.spip.net/projects/spip/repository/revisions/23192
* https://core.spip.net/projects/spip/repository/revisions/23193
* https://core.spip.net/projects/spip/repository/revisions/23200
* https://core.spip.net/projects/spip/repository/revisions/23201
* https://core.spip.net/projects/spip/repository/revisions/23202


We will point to the revision numbers in our announcements.

So we still need CVEs for:

* Template Compiler/Composer PHP Code Execution

https://core.spip.net/projects/spip/repository/revisions/23186
https://core.spip.net/projects/spip/repository/revisions/23189
https://core.spip.net/projects/spip/repository/revisions/23192

* Server Side Request Forgery
https://core.spip.net/projects/spip/repository/revisions/23188
https://core.spip.net/projects/spip/repository/revisions/23193

Best regards,
-- 
SYSDREAM Labs <labs@...dream.com>

GPG :
47D1 E124 C43E F992 2A2E
1551 8EB4 8CD9 D5B2 59A1

* Website: https://sysdream.com/
* Twitter: @sysdream



