Date: Sat, 25 May 2013 16:17:22 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: David Prévot <taffit@...ian.org> Subject: CVE Request: SPIP privilege escalation Hi Kurt SPIP 3.0.9, 2.1.22 and 2.0.23 fixed a privilege escalation vulerability, where an user can take editorial control on the site. Upstream announce is at  and the upstream commit fixing it is . I'm CC'ing David Prévot, Debian maintainer for spip (there does not seem to be a english translation of the announce available right now).  http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr  http://core.spip.org/projects/spip/repository/revisions/20541  http://bugs.debian.org/709674 Could a CVE be assigned to this issue for better tracking? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.