Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 29 Jan 2017 07:08:58 -0500
From: <cve-assign@...re.org>
To: <luc.lynx@...dex.ru>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: SSRF issue in the svgsalamander library

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/blackears/svgSalamander/issues/11
> 
> <svg ...
> <image xlink:href="https://host-in-the-trusted-network.com/test.jpg" ...

Use CVE-2017-5617.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYjdlWAAoJEHb/MwWLVhi2lBAP/AmEC5U0G/8Cy1a6By1nTYMC
wdzp7WTuV3rAoSoK7+xkaucNG8zw/clt35a4ngYhN8DQ4IzGRyg078c/UaLt8r/S
flc5I7rR+x9Mdje2M6Z/G8mIh8vnyhFzIIA9s3QFjUu3x5jNSynnLoPfKg/AcJaX
7ZEdeG+30o/6qHQcbCLN/cA4UaShsxwcleuyfe6/O/aSOHPyvEf2arv+N5VmFKyZ
V0MHek+5tqJN+U+mwIk7dj27Vn4kpa1874FwH41+pmE9cfM4oxnLngVlhNUgacgh
oNJY6nGQwp4pudTUfu+i3xRBROYqqhGT6a+e/d/GeTUBqKn36WyFLIZQS4Sltsc0
85TeQgCd2MvkdMGbD7yXV1qu+KssLRBBRmyje3XboF492hzUlFkWy222ZFFKTyrH
nF01Xr9PrzfZh9MYP0ajxJcvdUZq6YmVuso+Y4tiOvuqckJTBDbuMuvM6uW7yl6Q
5nP+ab8tq4EPGjWSy42apEz/h6aQLYXhKlCsdS20RIDbr8XOODPIfcqFC719aG3P
+2TatG980NtI7zYngUYbMy1hNiC5uo9Qx4oRsS1Gp8Z8MxzAgqQsrjbG1vKRzYwn
VtGZrQKV15TyeFPnZJFMQFYnJ1gOW2JjRbe3NXCxpAXYHJMNJvXOohG1onbsNo2C
tmyxTVXIiWa3ptHBeaI6
=UYBx
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.