Date: Fri, 20 Apr 2012 16:18:16 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
CC: security-2012@...irrelmail.org
Subject: CVE-2012-2124 assignment notification: squirrelmail: CVE-2010-2813
 not fixed in RHSA-2012:0103

Hi,

A Red Hat Security Advisory RHSA-2012:0103 for squirrelmail packages
shipped in Red Hat Enterprise Linux 4 and 5 claims to have fixed the
CVE-2010-2813 issue. However, the patch for this issue was not applied
correctly and hence the issue was not fixed as stated in the advisory.

A situation like this requires the assignment of a new, vendor-specific
CVE for the broken/incomplete fix. Thus, CVE-2012-2124 has been assigned
to this issue.

We apologize to upstream / distros for the confusion this additional
CVE assignment may cause and want to make it explicit this is assigned
to an issue in RHEL packages unlikely to affect anyone else (except for
RHEL downstream distros).

References:

Red Hat bug 814671:
https://bugzilla.redhat.com/show_bug.cgi?id=814671

Thanks and kind regards,
-- 
Stefan Cornelius / Red Hat Security Response Team
