List: oss-security
Subject: Re: [oss-security] CVE Request: Piwik < 0.6.4 Arbitrary file
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-07-29 14:03:12
Message-ID: 282412323.31981280412192803.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Please use CVE-2010-2786
Thanks.
--
JB
----- "Anthon Pang" <anthon.pang@gmail.com> wrote:
> An arbitrary file inclusion vulnerability is fixed by the latest Piwik
> 0.6.4 release. The advisory is (or will be) published here:
> http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/
>
> Description:
>
> Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
> file inclusion using a directory traversal pattern in a crafted
> request for a data renderer.
>
> This vulnerability is rated critical, and Piwik users are strongly
> encouraged to update to the latest version of Piwik.
>
> The Piwik project and community thanks Enrico Razza for reporting the
> issue.