Message-ID: <85f64f890912140858o24568210p70a95fe4ad28e701@mail.gmail.com>
Date: Mon, 14 Dec 2009 11:58:30 -0500
From: Anthon Pang <anthon.pang@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request - Open Flash Chart v2

The Piwik project released an advisory re: the inclusion of
ofc_upload_image.php -- a potentially exploitable file from the
php-ofc-library offered by the Open Flash Chart project.

- http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/

Since Open Flash Chart is used by web sites and open source projects,
a common CVE makes sense.

Open Flash Chart:  Affected: v2 Beta 1 through v2 Lug Wyrm Charmer.  Fixed: no
Piwik:  Affected: 0.2.35 through 0.4.3.  Fixed in 0.4.4.  (Removed file)
Open Web Analytics:  Affected: 1.2.  Fixed in svn.  (Removed file)

Other web sites/projects:
- http://www.google.com/search?q=php-ofc-library+ofc_upload_image.php+-piwik
- http://www.google.com/codesearch?q=ofc_upload_image.php
