Date: Fri, 28 Oct 2011 10:04:25 +0300
From: Henri Salo <henri@...v.fi>
To: Josh Bressers <bressers@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request: piwik before 1.6

On Sun, Oct 23, 2011 at 02:41:17PM -0400, Josh Bressers wrote:
> The advisory just says there are a bunch of security fixes by all these
> people, with no actual information. Such vagueness is only going to create
> confusion, which will create extra work for me if I try to assign IDs to
> such an advisory.

Now there is information in the URI.

Facts:

- Affects all Piwik users that have granted some access to the "anonymous" user
- Remotely exploitable vulnerability that could allow a remote attacker to execute arbitrary code
- Versions affected: Piwik 1.2, 1.3, and 1.4
- Credits: Neal Poole

These details should be enough information for CVE assignment. I can also verify this issue for every version if you want? If there aren't enough details I can dig more :)

Best regards,
Henri Salo
