oss-sec mailing list archives
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 16 Sep 2013 19:23:52 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/15/2013 12:27 PM, Henri Salo wrote:
Please assign 2013 CVE for SMF vulnerabilities, thanks. Fixes at least XSS issues. No reply from vendor when I asked if there is CVE(s) assigned already. Advisory: http://www.simplemachines.org/community/index.php?topic=509417 Diff: http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.5.tar.gz;smf_version=2.0.4
Can
you provide a summary of the diff? thanks.
Other references: http://osvdb.org/96323 http://secunia.com/advisories/54384/ --- Henri Salo
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSN68nAAoJEBYNRVNeJnmT3awQAJcqKAx/vWODnmMoNb4BJiN4 GurFg3oImCiTC/ocVoYXPE3fri7/i4utfI2NaiDt6fgrHZMBhcFVoFEeweDnIk8j JA4zzqmeBTPvEP4nKUfJNaIUVa513k77Y72dBmhCYUmQ/eH6ViPgjnKAkUHIMRXZ pviUV7wMJT5YWiLMhZfqZKDm5/I+4c3e4MVrflD7Tl5p5Fd3L+Rtb31bEXhezUZ4 fOu5YLblLDV/qikIIYaGkfJ9ZH7MzRr6YB5HOOO8lZiIdZk+nxAkjsITWoEjxSQJ Fz2b/9N8xZiEhN3O9crXu3x+Spzz5y2a9k3CpzWdlPGoakH2C4eERzrtuqCbEzBs 6T1H/cotjY4m5W+k3AmF5n0Vr8vkEbMrRsWE4IerOwygt4iuiy023MPCHcOs8dJu La7abPxzZ2Ks3SY6QpL7plek83gLbfO1KYbvhzXXO97lDSD5VaP/QfYp6r2G8+Zs Y7mUyUoPfFBfnp6GeJbSVzL6r4sOnHikpatQoISjZ8FfukesMpjSv+uuf6gYkHzO s5AGpzUiAkwfWEd0SL2oQFrpuhQz3rSPmDb+GoN2YrKX/yLlc6ehFh0JlqXhxP8W N3wAQDv5TRKKhfSFfaOxXJO3CCpfM2BicHj0R8MLHTus6G/wgqQo7hRtCOgkIPXa Md6eV1Keirpym02yaMjm =uCxB -----END PGP SIGNATURE-----
Current thread:
- CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 15)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 16)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 24)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Moritz Naumann (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 24)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 16)