oss-sec mailing list archives
Re: CVE request: OSClass directory traversal vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 04 Apr 2012 10:41:02 -0600
On 04/03/2012 02:43 AM, Henri Salo wrote:
> On Mon, Apr 02, 2012 at 11:45:12AM -0600, Kurt Seifried wrote:
>> The actual blog entry: http://osclass.org/blog/2012/03/05/osclass-2-3-6/
>> doesn't mention anything about directory traversal. Do you have a link
>> on their site, or the commit showing the problem or the fix?
>>
>> --
>> Kurt Seifried Red Hat Security Response Team (SRT)
>
> http://osclass.org/blog/2012/03/05/osclass-2-3-6/
>
> "Special thanks to Filippo Cavallarin again for reporting a security
> vulnerability in combine.php file. If you’re using that file in your
> theme, I strongly recommend to update it. Please, remember to visit the
> wiki if you don’t know how to update OSClass."
>
> Here is the diff: https://github.com/osclass/OSClass/commit/09aa689ae424dc2bec6f857e7179ae4afdbbd2a9#diff-4
> Full changelog: http://doc.osclass.org/Changelog
>
> Fixed in 2.3.6.
>
> - Henri Salo

Thanks Henri, that's exactly the kind of information CVE requests need =)

Please use CVE-2012-1617 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993