oss-sec mailing list archives
CVE requests : Liferay 6.0.6
From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Tue, 29 Mar 2011 09:35:53 +0200
Hello, version 6.0.6 of Liferay correct 3 security vulnerabilities related to the processing of XSLT content and 2 XSS. The full 6.0.6 Changelog : http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 Remote command execution : http://issues.liferay.com/browse/LPS-14726 Arbitrary file disclosure via XXE : http://issues.liferay.com/browse/LPS-14927 XSL/XML file disclosure via file:// : http://issues.liferay.com/browse/LPS-13762 XSS vulnerability : http://issues.liferay.com/browse/LPS-11506 XSS in message boards : http://issues.liferay.com/browse/LPS-12628 Regards, Nicolas Grégoire
Current thread:
- CVE requests : Liferay 6.0.6 Nicolas Grégoire (Mar 29)