Date: Sat,  8 Oct 2016 11:34:29 -0400 (EDT)
From: cve-assign@...re.org
To: labs@...dream.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, spip-team-owner@...o.net
Subject: Re: SPIP vulnerabilities: request for 5 CVE

> * Template Compiler/Composer PHP Code Execution
> https://core.spip.net/projects/spip/repository/revisions/23186
> https://core.spip.net/projects/spip/repository/revisions/23189
> https://core.spip.net/projects/spip/repository/revisions/23192

Use CVE-2016-7998.


> * Server Side Request Forgery
> https://core.spip.net/projects/spip/repository/revisions/23188
> https://core.spip.net/projects/spip/repository/revisions/23193

(In other words, the :// substring is rejected to prevent
outbound network traffic.)

Use CVE-2016-7999.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
