oss-sec mailing list archives

Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 16 Sep 2013 19:23:52 -0600

On 09/15/2013 12:27 PM, Henri Salo wrote:
> Please assign 2013 CVE for SMF vulnerabilities, thanks. Fixes at
> least XSS issues. No reply from vendor when I asked if there is
> CVE(s) assigned already.
>
> Advisory:
> http://www.simplemachines.org/community/index.php?topic=509417
> Diff:
> http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.5.tar.gz;smf_version=2.0.4

Can you provide a summary of the diff? thanks.

> Other references: http://osvdb.org/96323
> http://secunia.com/advisories/54384/
>
> --- Henri Salo



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993