Date: Fri, 20 Apr 2012 16:18:16 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
CC: security-2012@...irrelmail.org
Subject: CVE-2012-2124 assignment notification: squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103

Hi,

Red Hat Security Advisory RHSA-2012:0103 for the squirrelmail packages shipped in Red Hat Enterprise Linux 4 and 5 claims to have fixed the CVE-2010-2813 issue. However, the patch for this issue was not applied correctly and hence the issue was not fixed as stated in the advisory.

A situation like this requires the assignment of a new, vendor-specific CVE for the broken/incomplete fix. Thus, CVE-2012-2124 has been assigned to this issue.

We apologize to upstream / distros for the confusion this additional CVE assignment may cause and want to make it explicit that this is assigned to an issue in RHEL packages unlikely to affect anyone else (except for RHEL downstream distros).

References:
Red Hat bug 814671: https://bugzilla.redhat.com/show_bug.cgi?id=814671

Thanks and kind regards,
--
Stefan Cornelius / Red Hat Security Response Team