Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 May 2012 14:03:21 -0400
From: micah <micah@...eup.net>
To: oss-security@...ts.openwall.com
Subject: CVE request: sympa (try again)


Hi,

Please assign a CVE for Sympa, any version prior to 6.1.11. It is
possible to open the archive management ("arc_manage") page for any
list, even those set to only be available to members, giving anyone the
option to download the archive, or delete the archive.

http://www.sympa.org/distribution/latest-stable/NEWS
https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358

thank you,
micah

ps - for some reason the previous message is formatted strange, so I'm
sending this one without the signature

-- 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ