oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-request: CakePHP XXE injection

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 03 Sep 2012 02:23:18 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/02/2012 11:35 PM, Henri Salo wrote:

Could you assign 2012 CVE-identifier for this issue?

Original advisory: http://seclists.org/bugtraq/2012/Jul/101 Vendor
security advisory:
http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1



OSVDB: http://osvdb.org/show/osvdb/84042


"CakePHP 2.1.5 and 2.2.1 have just been released. If you are using
CakePHP's `Xml` class, you should upgrade as soon as possible."

- Henri Salo


Please use CVE-2012-4399 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQRGj2AAoJEBYNRVNeJnmTZs8QANnwWgywgyQEVVTB/cZo/GWG
sCtVM/1tvipO3hwb67Bde1zaILYf75XMFtrpTwmIUaK3AKdzwMxg0RJt4A0Xuu6L
MlXbDuEsXXiFrkRg+sxmlIM1cOBcWkktOCnyvduff/RR9MElpETq8B9z8/8lONDt
L8YfEHszpUeLPIDwg+6g/IdcdaLfk3ZK7lVGgEzls8+nJJh1oKWb4kKbM7sLOYrL
W9Fo0SysfYQtJCeObcAdgtytMBZHjZWoxTGTYN/uOJkOg6/kgT7yx1UkZe0gFBjA
xvbKec1jaIGXhrukZ59gcGJx//wQV9dOLKOnozwTXGlKWMcnWW15gvVHUadjWxOp
EYvU5p5NbBZ3IAvI730M2+bAsjyJH8jJKzFc+vMlhgVHOo6asrtkz6bUxUO4Xysi
bRW7DlO5TC9wyu4okmbqGZnuF81JAan/k88RGbmfLf2JlwmCXMayumsTXv/GTm7B
fM9Q9zfOgOuk09aefkT/QjcrSstQs9qbsGx7crQd46OT36/kP6Pms7yalGtb0lZW
eFqQwWRnThd6pfEXWuMkcSbseA0BIlGWaFvzgBwYGxvojhme7tLd3k3qaQ1vPAPi
ffVtOgnadUifSqP7p3NNq6juDz+fySLtefIGAnaB4Mfr9VViczvD6pYe2sGKzP4X
S9VsUFjhNa3Rqd9G8c51
=TRQe
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: