oss-sec mailing list archives
Re: CVE request - SPIP: 2 vulnerabilities
From: cve-assign () mitre org
Date: Tue, 15 Mar 2016 10:23:31 -0400 (EDT)
SPIP. Both are present in 3.x before 3.0.22 and 2.x before 2.1.19:
* PHP code injection when handling content. This is fixed in https://core.spip.net/projects/spip/repository/revisions/22911 (defining the function itself is enough, as the global mechanism for filters in SPIP automatically tries to lookup and filtre_foo_dist if it exists)
Use CVE-2016-3153.
* Objects injection when deserializing untrusted input. This is fixed in https://core.spip.net/projects/spip/repository/revisions/22903
Use CVE-2016-3154.
--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE request - SPIP: 2 vulnerabilities Sébastien Delafond (Mar 15)
- Re: CVE request - SPIP: 2 vulnerabilities cve-assign (Mar 15)