Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 28 Oct 2011 10:04:25 +0300
From: Henri Salo <>
To: Josh Bressers <>
Subject: Re: CVE request: piwik before 1.6

On Sun, Oct 23, 2011 at 02:41:17PM -0400, Josh Bressers wrote:
> The advisory just says there are a bunch of security fixes by all these
> people, with no actual information. Such vagueness is only going to create
> confusion, which will create extra work for me if I try to assign IDs to
> such an advisory.

Now there is information in the URI.


- Affect all Piwik users that have let granted some access to the "anonymous" user
- Remotely exploitable vulnerability that could allow a remote attacker to execute arbitrary code
- Versions affected Piwik 1.2, 1.3, and 1.4
- Credits: Neal Poole

These details should be enough information for CVE assignment. I can also verify this issue if you want for every version? If there isn't enough details I can dig more :)

Best regards,
Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.