oss-sec mailing list archives
CVE request: multiple issues in Koha
From: Galen Charlton <gmc () esilibrary com>
Date: Fri, 7 Feb 2014 10:39:41 -0800
Hi,

As current release manager for Koha, I'd like to request CVE number(s) for the following issues that were addressed in a security release yesterday.

Release announcement: http://koha-community.org/security-release-february-2014/

Issues fixed with the release:

[1] tools/pdfViewer.pl could be used to read arbitrary files on the server
    (http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660)

[2] the staff interface help editor could be used to modify or create arbitrary files on the server
    (http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661)

[3] member-picupload.pl could be used to write to arbitrary files on the server
    (http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662)

[4] the MARC framework import/export function did not require authentication, and could be used to perform unexpected SQL commands
    (http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666)

Regards,

Galen
--
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email: gmc () esilibrary com
direct: +1 770-709-5581
cell: +1 404-984-4366
skype: gmcharlt
web: http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org