Date: Fri, 11 May 2012 23:58:33 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: micah <micah@...eup.net> Subject: Re: CVE request: sympa (try again) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/11/2012 12:03 PM, micah wrote: > > Hi, > > Please assign a CVE for Sympa, any version prior to 6.1.11. It is > possible to open the archive management ("arc_manage") page for > any list, even those set to only be available to members, giving > anyone the option to download the archive, or delete the archive. > > http://www.sympa.org/distribution/latest-stable/NEWS > https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358 > > thank you, micah > > ps - for some reason the previous message is formatted strange, so > I'm sending this one without the signature > Ok I see this one and several more: ================================ 6.1.11 May 11, 2012 Bug fixes:  wwsympa/wwsympa.fcgi.in: Fixing a potential security issue related to archives ================================ 6.1.1 October 22, 2010 This version includes a lots news such as DKIM support, autosignoff footer link included in lists messages, ... Various vulnerability have been solved in 6.1.1 : cross side scripting, cross-Site request forgeries, brute force attack, DOS. These vulnerabilities were identified with the help of P. Gardenat (Rectorat de Rennes) during a security audit on Sympa. - --------------------- web_tt2/error.tt2, wwsympa/wwsympa.fcgi.in: Now shared document can't be read or edited unless list is open. This is a security fix ================================ 6.0 1st October 2009 Security: - - [reported by T. Retout] SQL injection threat removed by using place holders instead of direct sprint in a query. - - [Submitted by N. Bertrand, univ. Minnesota] Basic logs in debug don't issue the password unencrypted in the logs for function Auth::ldap_authentication. This way, this password won't be sent unencrypted to a possible syslog server. - - [#4439] [#4440] [reported by O.Berger] security vulnerability which use a file in /tmp. - - [#4430] store temporary files in Sympa's own tmp directory instead of /tmp to prevent symlink attacks ================================ Can you confirm these and I will assign CVE's for the outstanding issues. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPrfwJAAoJEBYNRVNeJnmTjwYP/RYT1um9+14sKMs2iTsribGZ i2X3m7LtkNUT29614x+Pw87fVFTeIGxvJ8vM0uyUvvZn2QsflmASHGhzAlLu60u4 2Nm+FrXCoqmF7YRwFlxO1blMgSAYt8aDunot4dkTl8x6MWfM265y/Ft2r3dssiun LT52nal/4RZSFbx0YYfzxQPkwZLtsEo9XFMF9lttH3j7NuyMlG/trPFMWrpWJ23w RkPMkO4VrPp9oZkFO+2MJij9v4H9IwiVbptINk1cEkCEYWpdZrgLX1TrtfCGgYeP M0qawndp/J3Js6ZniVbOaMKyodyTcZnc4ajW7a0T4xY01h947J9JgqmCMUqKZ8GX zyR7R4TJMarNjkfg7jj2iBg6QdqM1owJ2fELnrZN6n0MER2TZ0BI/+A5Og9OBk+j 1dXEuiO/sYkaLNJiMwlsHIZEnGdGVCmZgp0p8XhJfsRi23mWfnyI+qGVMBx5vGDW TCJ2aELsr1cWL4CPM3hxrzXu4WYh6DGYisGxhYNq2jEkfd0ctLomQCn4FgAHV+M6 EEBODxFyVqYBwjnl3FS+EMtzFGU/4UHYxo8tXquwt2T9BjaTSz7b1FYD4ViQ658e WVkf63xNP8IorjpJjMiwhItS+ImbK2YIvyy7vHe6/pN0OdVNm7O94mcDXTlgowRa Zan9zvykYeNxXFA+5ugX =IC7h -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ