Message-ID: <2029530517.1304211260830265766.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Mon, 14 Dec 2009 17:37:45 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request - Open Flash Chart v2

Here's a link to the Secunia advisory as a reference:
http://secunia.com/advisories/37078/

Please use CVE-2009-4140 for this.

Thanks.

-- 
    JB


----- "Anthon Pang" <anthon.pang@...il.com> wrote:

> The Piwik project released an advisory re: the inclusion of
> ofc_upload_image.php -- a potentially exploitable file from the
> php-ofc-library offered by the Open Flash Chart project.
> 
> - http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/
> 
> Since Open Flash Chart is used by web sites and open source projects,
> a common CVE makes sense.
> 
> Open Flash Chart:  Affected v2 Beta 1 through v2 Lug Wyrm Charmer. 
> Fixed: no
> Piwik:  Affected: 0.2.35 through 0.4.3.  Fixed in 0.4.4.  (Removed
> file)
> Open Web Analytics:  Affected: 1.2.  Fixed in svn.  (Removed file)
> 
> Other web sites/projects:
> - http://www.google.com/search?q=php-ofc-library+ofc_upload_image.php+-piwik
> - http://www.google.com/codesearch?q=ofc_upload_image.php

-- 
    JB
