Date: Thu, 22 Jan 2015 09:28:14 -0500 (EST) From: cve-assign@...re.org To: Salvatore Bonaccorso <carnil@...ian.org> cc: OSS Security Mailinglist <oss-security@...ts.openwall.com>, CVE Assignments MITRE <cve-assign@...re.org> Subject: Re: Possible CVE request: sympa: vulnerability in the web interface On Tue, 20 Jan 2015, Salvatore Bonaccorso wrote: > Hi > > I would like to ask if a CVE could be assigned for the following issue > (it is not clear if upstream has already requested one): > https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting > > The advisory reads: > >> A vulnerability have been discovered in Sympa web interface that >> allows access to files on the server filesystem. >> >> This breach allows to send to a list or a user any file readable by >> the Sympa user, located on the server filesystem, using the Sympa web >> interface newsletter posting area. > > Upstream patch: https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.1-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=11562&r2=11778&view=patch > > Thanks in advance, > > Regards, > Salvatore Use CVE-2015-1306. --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ