[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request - Open Flash Chart v2
From:       Josh Bressers <bressers () redhat ! com>
Date:       2009-12-14 22:37:45
Message-ID: 2029530517.1304211260830265766.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

Here's a link to the Secunia advisory as a reference:
http://secunia.com/advisories/37078/

Please use CVE-2009-4140 for this.

Thanks.

-- 
    JB


----- "Anthon Pang" <anthon.pang@gmail.com> wrote:

> The Piwik project released an advisory re: the inclusion of
> ofc_upload_image.php -- a potentially exploitable file from the
> php-ofc-library offered by the Open Flash Chart project.
> 
> -
> http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/
> 
> Since Open Flash Chart is used by web sites and open source projects,
> a common CVE makes sense.
> 
> Open Flash Chart:  Affected v2 Beta 1 through v2 Lug Wyrm Charmer. 
> Fixed: no
> Piwki:  Affected: 0.2.35 through 0.4.3.  Fixed in 0.4.4.  (Removed
> file)
> Open Web Analytics:  Affected: 1.2.  Fixed in svn.  (Removed file)
> 
> Other web sites/projects:
> -
> http://www.google.com/search?q=php-ofc-library+ofc_upload_image.php+-piwik
> - http://www.google.com/codesearch?q=ofc_upload_image.php

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]