Message-ID: <51A39F63.3030807@redhat.com>
Date: Mon, 27 May 2013 12:01:07 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Salvatore Bonaccorso <carnil@...ian.org>, David Prévot <taffit@...ian.org>
Subject: Re: CVE Request: SPIP privilege escalation

On 05/25/2013 08:17 AM, Salvatore Bonaccorso wrote:
> Hi Kurt
>
> SPIP 3.0.9, 2.1.22 and 2.0.23 fixed a privilege escalation vulnerability,
> where a user can take editorial control on the site. Upstream announcement
> is at [1] and the upstream commit fixing it is [2].
>
> I'm CC'ing David Prévot, Debian maintainer for spip (there does not seem
> to be an English translation of the announcement available right now).
>
> [1] http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr
> [2] http://core.spip.org/projects/spip/repository/revisions/20541
> [3] http://bugs.debian.org/709674
>
> Could a CVE be assigned to this issue for better tracking?
>
> Regards,
> Salvatore

Please use CVE-2013-2118 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993