Date: Tue, 3 Apr 2012 11:43:51 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: OSClass directory traversal vulnerability

On Mon, Apr 02, 2012 at 11:45:12AM -0600, Kurt Seifried wrote:
> The actual blog entry: http://osclass.org/blog/2012/03/05/osclass-2-3-6/
>
> doesn't mention anything about directory traversal. Do you have a link
> on their site, or the commit showing the problem or the fix?
>
> --
> Kurt Seifried Red Hat Security Response Team (SRT)

http://osclass.org/blog/2012/03/05/osclass-2-3-6/

"Special thanks to Filippo Cavallarin again for reporting a security vulnerability in combine.php file. If you’re using that file in your theme, I strongly recommend to update it. Please, remember to visit the wiki if you don’t know how to update OSClass."

Here is the diff: https://github.com/osclass/OSClass/commit/09aa689ae424dc2bec6f857e7179ae4afdbbd2a9#diff-4
Full changelog: http://doc.osclass.org/Changelog

Fixed in 2.3.6.

- Henri Salo