Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 11 Jan 2015 09:38:25 -0500 (EST)
From: cve-assign@...re.org
To: Vasyl Kaigorodov <vkaigoro@...hat.com>
cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: CVE request: roundcubemail: possible CSRF attacks
 to some address book operations as well as to the ACL and Managesieve plugins


> Hello,
>
> Version 1.0.4 of Roundcube [1] contains a security fix:
> ...
> Security: Fix possible CSRF attacks to some address book operations as
> well as to the ACL and Managesieve plugins.
> ...
>
> Upstream commit:
> https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
>
> [1]: http://roundcube.net/news/2014/12/18/update-1.0.4-released/
>
> Can a CVE be assigned to this please?
>
> References:
> https://bugs.gentoo.org/show_bug.cgi?id=534766
> https://bugzilla.redhat.com/show_bug.cgi?id=1179780

Use CVE-2014-9587.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ