Candidate: CVE-2014-1613
PublicDate: 2014-05-16 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1613
 http://dotclear.org/blog/post/2014/01/20/Dotclear-2.6.2
 https://labs.mwrinfosecurity.com/advisories/2014/05/14/dotclear-php-object-injection/
Description:
 Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code
 via a serialized object in the dc_passwd cookie to a password-protected
 page, which is not properly handled by (1) inc/public/lib.urlhandlers.php
 or (2) plugins/pages/_public.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Charlie Briggs
Assigned-to:
CVSS:

Patches_dotclear:
upstream_dotclear: released (2.6.2)
lucid_dotclear: DNE
precise_dotclear: ignored (reached end-of-life)
precise/esm_dotclear: DNE (precise was needed)
saucy_dotclear: ignored (reached end-of-life)
trusty_dotclear: not-affected
trusty/esm_dotclear: DNE (trusty was not-affected)
utopic_dotclear: not-affected
vivid_dotclear: not-affected
vivid/stable-phone-overlay_dotclear: DNE
vivid/ubuntu-core_dotclear: DNE
wily_dotclear: not-affected
xenial_dotclear: not-affected
yakkety_dotclear: DNE
zesty_dotclear: DNE
devel_dotclear: DNE