oss-sec mailing list archives
Re: CVE requests : Liferay 6.0.6
From: Josh Bressers <bressers () redhat com>
Date: Fri, 8 Apr 2011 16:37:32 -0400 (EDT)
Sorry for the delay, this one was bigger than a breadbox so I needed to find a block of time to handle it.
----- Original Message -----
Hello,
version 6.0.6 of Liferay corrects 3 security vulnerabilities related to the processing of XSLT content and 2 XSS.
The full 6.0.6 Changelog : http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
Remote command execution : http://issues.liferay.com/browse/LPS-14726
Use CVE-2011-1501
Arbitrary file disclosure via XXE : http://issues.liferay.com/browse/LPS-14927
Use CVE-2011-1502
XSL/XML file disclosure via file:// : http://issues.liferay.com/browse/LPS-13762
Use CVE-2011-1503
XSS vulnerability : http://issues.liferay.com/browse/LPS-11506
Use CVE-2011-1504
XSS in message boards : http://issues.liferay.com/browse/LPS-12628
Use CVE-2011-1570
Thanks
--
JB