Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130525141722.GA29366@elende>
Date: Sat, 25 May 2013 16:17:22 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: David Prévot <taffit@...ian.org>
Subject: CVE Request: SPIP privilege escalation

Hi Kurt

SPIP 3.0.9, 2.1.22 and 2.0.23 fixed a privilege escalation vulerability,
where an user can take editorial control on the site.  Upstream announce
is at [1] and the upstream commit fixing it is [2].

I'm CC'ing David Prévot, Debian maintainer for spip (there does not seem
to be a english translation of the announce available right now).

 [1] http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr
 [2] http://core.spip.org/projects/spip/repository/revisions/20541 
 [3] http://bugs.debian.org/709674

Could a CVE be assigned to this issue for better tracking?

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.