Merge pull request symfony#101 from FriendsOfSilverStripe/silverstripe-security-advisories

fabpot · fabpot · commit 08d81de2e9a7 · 2015-09-10T14:19:44.000+02:00
Silverstripe security advisories
diff --git a/silverstripe/framework/SS-2015-011-1.yaml b/silverstripe/framework/SS-2015-011-1.yaml
@@ -0,0 +1,11 @@
+title:     SS-2015-011: Potential SQL Injection Vulnerability
+link:      http://www.silverstripe.org/software/download/security-releases/ss-2015-011/
+cve:       ~
+branches:
+    3.0.x:
+        time:     2015-05-25 10:52:00
+        versions: [>=3.0.0,<=3.0.13]
+    3.1.x:
+        time:     2015-05-25 10:52:00
+        versions: [>=3.1.0,<3.1.13]
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/SS-2015-014-1.yaml b/silverstripe/framework/SS-2015-014-1.yaml
@@ -0,0 +1,11 @@
+title:     SS-2015-014: Vulnerability on "isDev", "isTest" and "flush" $_GET validation
+link:      http://www.silverstripe.org/software/download/security-releases/ss-2015-014/
+cve:       ~
+branches:
+    3.0.x:
+        time:     2015-05-28 13:05:00
+        versions: [>=3.0.0,<=3.0.13]
+    3.1.x:
+        time:     2015-05-28 13:05:00
+        versions: [>=3.1.0,<3.1.13]
+reference: composer://silverstripe/framework
diff --git a/silverstripe/userforms/SS-2015-018-1.yaml b/silverstripe/userforms/SS-2015-018-1.yaml
@@ -0,0 +1,8 @@
+title:     SS-2015-018: File upload exposure on UserForms module
+link:      http://www.silverstripe.org/software/download/security-releases/ss-2015-018/
+cve:       ~
+branches:
+    3.0.x:
+        time:     2015-08-31 14:32:00
+        versions: [<3.0.0]
+reference: composer://silverstripe/userforms
