oss-security - Re: CVE request: OSClass directory traversal vulnerability

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Tue, 3 Apr 2012 11:43:51 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: OSClass directory traversal
 vulnerability

On Mon, Apr 02, 2012 at 11:45:12AM -0600, Kurt Seifried wrote:
> The actual blog entry: http://osclass.org/blog/2012/03/05/osclass-2-3-6/
> 
> doesn't mention anything about directory traversal. Do you have a link
> on their site, or the commit showing the problem or the fix?
> 
> -- 
> Kurt Seifried Red Hat Security Response Team (SRT)

http://osclass.org/blog/2012/03/05/osclass-2-3-6/ "Special thanks to Filippo Cavallarin again for reporting a security vulnerability in combine.php file. If you’re using that file in your theme, I strongly recommend to update it. Please, remember to visit the wiki if you don’t know how to update OSClass."

Here is the diff: https://github.com/osclass/OSClass/commit/09aa689ae424dc2bec6f857e7179ae4afdbbd2a9#diff-4
Full changelog: http://doc.osclass.org/Changelog

Fixed in 2.3.6.

- Henri Salo

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.