Message-ID: <222873656.467105.1302295052562.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Fri, 8 Apr 2011 16:37:32 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE requests : Liferay 6.0.6

Sorry for the delay, this one was bigger than a breadbox so I needed to
find a block of time to handle it.

----- Original Message -----
> Hello,
> 
> Version 6.0.6 of Liferay corrects 3 security vulnerabilities related to
> the processing of XSLT content and 2 XSS.
> 
> The full 6.0.6 Changelog :
> http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
> 
> Remote command execution :
> http://issues.liferay.com/browse/LPS-14726

Use CVE-2011-1501


> Arbitrary file disclosure via XXE :
> http://issues.liferay.com/browse/LPS-14927

Use CVE-2011-1502


> XSL/XML file disclosure via file:// :
> http://issues.liferay.com/browse/LPS-13762

Use CVE-2011-1503


> XSS vulnerability :
> http://issues.liferay.com/browse/LPS-11506

Use CVE-2011-1504


> XSS in message boards :
> http://issues.liferay.com/browse/LPS-12628

Use CVE-2011-1570


Thanks

-- 
    JB
