oss-sec mailing list archives
Re: SPIP vulnerabilities: request for 5 CVE
From: Sysdream Labs <labs () sysdream com>
Date: Fri, 7 Oct 2016 16:35:57 +0200
Thanks.
Is there public information about this already on an spip.net web site (such as a Redmine revision) or the https://sysdream.com/news/lab/ web site? Is this unrelated to the valider_xml.php script?
All the fixes related to the issues are here: * https://core.spip.net/projects/spip/repository/revisions/23179 * https://core.spip.net/projects/spip/repository/revisions/23180 * https://core.spip.net/projects/spip/repository/revisions/23181 * https://core.spip.net/projects/spip/repository/revisions/23182 * https://core.spip.net/projects/spip/repository/revisions/23183 * https://core.spip.net/projects/spip/repository/revisions/23184 * https://core.spip.net/projects/spip/repository/revisions/23185 * https://core.spip.net/projects/spip/repository/revisions/23186 * https://core.spip.net/projects/spip/repository/revisions/23187 * https://core.spip.net/projects/spip/repository/revisions/23188 * https://core.spip.net/projects/spip/repository/revisions/23189 * https://core.spip.net/projects/spip/repository/revisions/23190 * https://core.spip.net/projects/spip/repository/revisions/23191 * https://core.spip.net/projects/spip/repository/revisions/23192 * https://core.spip.net/projects/spip/repository/revisions/23193 * https://core.spip.net/projects/spip/repository/revisions/23200 * https://core.spip.net/projects/spip/repository/revisions/23201 * https://core.spip.net/projects/spip/repository/revisions/23202 We will point to the revision numbers in our announcements. So we still need CVE for : * Template Compiler/Composer PHP Code Execution https://core.spip.net/projects/spip/repository/revisions/23186 https://core.spip.net/projects/spip/repository/revisions/23189 https://core.spip.net/projects/spip/repository/revisions/23192 * Server Side Request Forgery https://core.spip.net/projects/spip/repository/revisions/23188 https://core.spip.net/projects/spip/repository/revisions/23193 Best regards, -- SYSDREAM Labs <labs () sysdream com> GPG : 47D1 E124 C43E F992 2A2E 1551 8EB4 8CD9 D5B2 59A1 * Website: https://sysdream.com/ * Twitter: @sysdream
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- SPIP vulnerabilities: request for 5 CVE Sysdream Labs (Oct 05)
- Re: SPIP vulnerabilities: request for 5 CVE cve-assign (Oct 06)
- Re: SPIP vulnerabilities: request for 5 CVE Sysdream Labs (Oct 07)
- Re: SPIP vulnerabilities: request for 5 CVE cve-assign (Oct 08)
- Re: SPIP vulnerabilities: request for 5 CVE Sysdream Labs (Oct 07)
- Re: SPIP vulnerabilities: request for 5 CVE cve-assign (Oct 06)