Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <282412323.31981280412192803.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Thu, 29 Jul 2010 10:03:12 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request: Piwik < 0.6.4 Arbitrary file
 inclusion

Please use CVE-2010-2786

Thanks.

-- 
    JB


----- "Anthon Pang" <anthon.pang@...il.com> wrote:

> An arbitrary file inclusion vulnerability is fixed by the latest
> Piwik
> 0.6.4 release.  The advisory is (or will be) published here:
> http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/
> 
> Description:
> 
> Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
> file inclusion using a directory traversal pattern in a crafted
> request for a data renderer.
> 
> This vulnerability is rated critical, and Piwik users are strongly
> encouraged to update to the latest version of Piwik.
> 
> The Piwik project and community thanks Enrico Razza for reporting the
> issue.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.