oss-sec mailing list archives

Re: CVE requests : Liferay 6.0.6


From: Josh Bressers <bressers () redhat com>
Date: Fri, 8 Apr 2011 16:37:32 -0400 (EDT)

Sorry for the delay, this one was bigger than a breadbox so I needed to
find a block of time to handle it.

----- Original Message -----
Hello,

Version 6.0.6 of Liferay corrects 3 security vulnerabilities related to
the processing of XSLT content and 2 XSS.

The full 6.0.6 Changelog :
http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952

Remote command execution :
http://issues.liferay.com/browse/LPS-14726

Use CVE-2011-1501


Arbitrary file disclosure via XXE :
http://issues.liferay.com/browse/LPS-14927

Use CVE-2011-1502


XSL/XML file disclosure via file:// :
http://issues.liferay.com/browse/LPS-13762

Use CVE-2011-1503


XSS vulnerability :
http://issues.liferay.com/browse/LPS-11506

Use CVE-2011-1504


XSS in message boards :
http://issues.liferay.com/browse/LPS-12628

Use CVE-2011-1570


Thanks

-- 
    JB

