oss-sec mailing list archives

Re: CVE request - SPIP: 2 vulnerabilities


From: cve-assign () mitre org
Date: Tue, 15 Mar 2016 10:23:31 -0400 (EDT)


SPIP. Both are present in 3.x before 3.0.22 and 2.x before 2.1.19:

  * PHP code injection when handling content. This is fixed in
    https://core.spip.net/projects/spip/repository/revisions/22911
    (defining the function itself is enough, as the global mechanism for
    filters in SPIP automatically tries to lookup and filtre_foo_dist if
    it exists)

Use CVE-2016-3153.


  * Objects injection when deserializing untrusted input. This is fixed
    in https://core.spip.net/projects/spip/repository/revisions/22903

Use CVE-2016-3154.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]