Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 20 Jan 2015 16:45:55 +0100
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Cc: CVE Assignments MITRE <>
Subject: Possible CVE request: sympa: vulnerability in the web interface


I would like to ask if a CVE could be assigned for the following issue
(it is not clear if upstream has already requested one):

The advisory reads:

> A vulnerability have been discovered in Sympa web interface that
> allows access to files on the server filesystem.
> This breach allows to send to a list or a user any file readable by
> the Sympa user, located on the server filesystem, using the Sympa web
> interface newsletter posting area.

Upstream patch:

Thanks in advance,


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ