-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/21/2013 01:48 PM, Yves-Alexis Perez wrote: > Hi, > > Movable Type 4.38 has been released few weeks ago, fixing a > security issue in the upgrade page. > > More information can be found at [1] but basically it looks like > missing input sanitation on the mt-upgrade.cgi page. > > As far as I can tell, no CVE has been allocated yet, could someone > allocate one? > > Regards, > > [1]: > http://www.movabletype.org/2013/01/movable_type_438_patch.html
Please use CVE-2013-0209 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQ/hI+AAoJEBYNRVNeJnmT1mMP/jDNdTdLcLUW2LXXZIO5L7yp P8krZsVT0A6jNJA4EK3wC/i7XPq8tWVW6zpRJhHEvyvpLovmu97EpIF/ULZxqmM6 mFrtoaJzoqjTKKeHyLlEg2e0TOiMzo8vLGj/T6AoD8phV+1feu12I5AbMBun+41y inhcNDXZnL5qU8YCNWcY/YpfuheTbRlCehqt94RvIa2/24QFW7HXl9JxIsnZ0k2H RKERnL5daWorHxjuonUzZRz6N2ApES1py/d67eBSlnYtXr6KLMJzQA2NImkQpykL 094cywuPp5hMjNiPf+RaVnLqJCzaJE6q6PP/iApWrA2id/BfyOEkLgygWr6zIwnG PYpqk94PmFlCcVjU0hXC3g8rXyvMf04iIQm5A52RLwr0VRMNvuW6Bbyu+RTHItTl bviGHmscpeEfCm+K7SH8bCXKsVaMEyYOJlNq7HpgDDj3ry9QoF6cf+vkHYI6SbG3 w4Jsv3CDBRRNKunjN6Fp0se3s72LtcB2VUbcmNyMTzF4Qgx0tHD3w0lAsT64ukt6 +zlaCHK6MZiGTmUUGvv3wpOSp1LD0clfv8uhU7rn9H/vUR6X/IZGZKmB3e1Eeoak 7tzkgR7SRYuagxZtqmQ413LZqoZ0CoSxW2toEg72ROX3JK2PtiSDFJAIEmIPSa2K kxWM2tY4evMUUqqOkQMl =XScr -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
