[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: CVE request: dotclear before 2.2.3
From: JcDenis <jcdenis () gdwd ! com>
Date: 2011-04-15 19:14:52
Message-ID: loom.20110415T210947-398 () post ! gmane ! org
[Download RAW message or body]
Josh Bressers <bressers@...> writes:
>
>
> ----- Original Message -----
> > My french isn't that good:
> > http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3
> >
> > But that sounds like a security issue:
> > "Pour en revenir Ă cette version, signalons qu'elle contient la
> > correction d'une faille de sécurité signalée il y a quelque temps par
> > Raphaël — que nous remercions au passage —, ainsi qu'une correction
> > attendue pour la génération manuelle des miniatures."
>
> Please use CVE-2011-1584.
>
> The google translate is pretty vague, if someone has more details please
> speak up:
>
> "To come back to this version, note that it contains the
> correcting a security flaw reported some time ago by
> Raphael - we appreciate the way - and a correction
> expected to generate manual thumbnail. "
>
> Thanks.
>
Hello Josh,
Yes it's a security issue. Little more detail here:
http://www.arcabit.com/english/home/a-flaw-in-dotclear
or here:
http://dev.dotclear.org/2.0/changeset/3427
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic