
List:       oss-security
Subject:    Re: [oss-security] CVE Request: Piwik < 0.6.4 Arbitrary file
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-07-29 14:03:12
Message-ID: 282412323.31981280412192803.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2010-2786

Thanks.

-- 
    JB


----- "Anthon Pang" <anthon.pang@gmail.com> wrote:

> An arbitrary file inclusion vulnerability is fixed by the latest Piwik
> 0.6.4 release.  The advisory is (or will be) published here:
> http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/
> 
> Description:
> 
> Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
> file inclusion using a directory traversal pattern in a crafted
> request for a data renderer.
> 
> This vulnerability is rated critical, and Piwik users are strongly
> encouraged to update to the latest version of Piwik.
> 
> The Piwik project and community thanks Enrico Razza for reporting the
> issue.