Date: Fri, 11 May 2012 14:03:21 -0400 From: micah <micah@...eup.net> To: oss-security@...ts.openwall.com Subject: CVE request: sympa (try again) Hi, Please assign a CVE for Sympa, any version prior to 6.1.11. It is possible to open the archive management ("arc_manage") page for any list, even those set to only be available to members, giving anyone the option to download the archive, or delete the archive. http://www.sympa.org/distribution/latest-stable/NEWS https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358 thank you, micah ps - for some reason the previous message is formatted strange, so I'm sending this one without the signature --
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ