oss-sec mailing list archives

CVE Request: SPIP privilege escalation


From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 25 May 2013 16:17:22 +0200

Hi Kurt

SPIP 3.0.9, 2.1.22 and 2.0.23 fixed a privilege escalation vulnerability,
where a user can take editorial control on the site.  Upstream announcement
is at [1] and the upstream commit fixing it is [2].

I'm CC'ing David Prévot, Debian maintainer for spip (there does not seem
to be an English translation of the announcement available right now).

 [1] http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr
 [2] http://core.spip.org/projects/spip/repository/revisions/20541 
 [3] http://bugs.debian.org/709674

Could a CVE be assigned to this issue for better tracking?

Regards,
Salvatore

