Date: Fri, 8 Apr 2011 16:37:32 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE requests : Liferay 6.0.6 Sorry for the delay, this one was bigger than a breadbox so I needed to find a block of time to handle it. ----- Original Message ----- > Hello, > > version 6.0.6 of Liferay correct 3 security vulnerabilities related to > the processing of XSLT content and 2 XSS. > > The full 6.0.6 Changelog : > http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 > > Remote command execution : > http://issues.liferay.com/browse/LPS-14726 Use CVE-2011-1501 > Arbitrary file disclosure via XXE : > http://issues.liferay.com/browse/LPS-14927 Use CVE-2011-1502 > XSL/XML file disclosure via file:// : > http://issues.liferay.com/browse/LPS-13762 Use CVE-2011-1503 > XSS vulnerability : > http://issues.liferay.com/browse/LPS-11506 Use CVE-2011-1504 > XSS in message boards : > http://issues.liferay.com/browse/LPS-12628 Use CVE-2011-1570 Thanks -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.