oss-sec mailing list archives

Re: (possible) CVE request: suPHP 0.7.2 release fixed a possible arbitrary code execution


From: cve-assign () mitre org
Date: Sun, 9 Feb 2014 19:30:11 -0500 (EST)

suPHP 0.7.2 has been released.
This release fixes a security issue that was introduced with the 0.7.0
release. This issue affected the source-highlighting feature and could
only be exploited if the suPHP_PHPPath option was set. In this case
local users who could create or edit .htaccess files could possibly
execute arbitrary code with the privileges of the user the webserver
was running as.

Use CVE-2014-1867. A commit reference isn't strictly necessary, but
without one we sometimes wait a short time for further information
before sending a CVE assignment, in case the issue (for example)
actually had multiple vulnerability types.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]