Date: Fri, 8 Apr 2011 16:37:32 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE requests : Liferay 6.0.6

Sorry for the delay, this one was bigger than a breadbox so I needed to
find a block of time to handle it.

----- Original Message -----
> Hello,
> 
> version 6.0.6 of Liferay corrects 3 security vulnerabilities related to
> the processing of XSLT content and 2 XSS.
> 
> The full 6.0.6 Changelog :
> http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
> 
> Remote command execution :
> http://issues.liferay.com/browse/LPS-14726

Use CVE-2011-1501


> Arbitrary file disclosure via XXE :
> http://issues.liferay.com/browse/LPS-14927

Use CVE-2011-1502


> XSL/XML file disclosure via file:// :
> http://issues.liferay.com/browse/LPS-13762

Use CVE-2011-1503


> XSS vulnerability :
> http://issues.liferay.com/browse/LPS-11506

Use CVE-2011-1504


> XSS in message boards :
> http://issues.liferay.com/browse/LPS-12628

Use CVE-2011-1570


Thanks

-- 
    JB
