oss-sec mailing list archives
Re: CVE-request: CakePHP XXE injection
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 03 Sep 2012 02:23:18 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/02/2012 11:35 PM, Henri Salo wrote:
Could you assign 2012 CVE-identifier for this issue? Original advisory: http://seclists.org/bugtraq/2012/Jul/101 Vendor security advisory: http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
OSVDB: http://osvdb.org/show/osvdb/84042
"CakePHP 2.1.5 and 2.2.1 have just been released. If you are using CakePHP's `Xml` class, you should upgrade as soon as possible." - Henri Salo
Please use CVE-2012-4399 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQRGj2AAoJEBYNRVNeJnmTZs8QANnwWgywgyQEVVTB/cZo/GWG sCtVM/1tvipO3hwb67Bde1zaILYf75XMFtrpTwmIUaK3AKdzwMxg0RJt4A0Xuu6L MlXbDuEsXXiFrkRg+sxmlIM1cOBcWkktOCnyvduff/RR9MElpETq8B9z8/8lONDt L8YfEHszpUeLPIDwg+6g/IdcdaLfk3ZK7lVGgEzls8+nJJh1oKWb4kKbM7sLOYrL W9Fo0SysfYQtJCeObcAdgtytMBZHjZWoxTGTYN/uOJkOg6/kgT7yx1UkZe0gFBjA xvbKec1jaIGXhrukZ59gcGJx//wQV9dOLKOnozwTXGlKWMcnWW15gvVHUadjWxOp EYvU5p5NbBZ3IAvI730M2+bAsjyJH8jJKzFc+vMlhgVHOo6asrtkz6bUxUO4Xysi bRW7DlO5TC9wyu4okmbqGZnuF81JAan/k88RGbmfLf2JlwmCXMayumsTXv/GTm7B fM9Q9zfOgOuk09aefkT/QjcrSstQs9qbsGx7crQd46OT36/kP6Pms7yalGtb0lZW eFqQwWRnThd6pfEXWuMkcSbseA0BIlGWaFvzgBwYGxvojhme7tLd3k3qaQ1vPAPi ffVtOgnadUifSqP7p3NNq6juDz+fySLtefIGAnaB4Mfr9VViczvD6pYe2sGKzP4X S9VsUFjhNa3Rqd9G8c51 =TRQe -----END PGP SIGNATURE-----
Current thread:
- CVE-request: CakePHP XXE injection Henri Salo (Sep 02)
- Re: CVE-request: CakePHP XXE injection Kurt Seifried (Sep 03)