Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 22 Jan 2015 09:28:14 -0500 (EST)
To: Salvatore Bonaccorso <>
cc: OSS Security Mailinglist <>,
        CVE Assignments MITRE <>
Subject: Re: Possible CVE request: sympa: vulnerability in the web interface

On Tue, 20 Jan 2015, Salvatore Bonaccorso wrote:

> Hi
> I would like to ask if a CVE could be assigned for the following issue
> (it is not clear if upstream has already requested one):
> The advisory reads:
>> A vulnerability have been discovered in Sympa web interface that
>> allows access to files on the server filesystem.
>> This breach allows to send to a list or a user any file readable by
>> the Sympa user, located on the server filesystem, using the Sympa web
>> interface newsletter posting area.
> Upstream patch:
> Thanks in advance,
> Regards,
> Salvatore

Use CVE-2015-1306.


CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ