Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 3 Mar 2015 18:07:45 -0500
From: Galen Charlton <gmc@...library.com>
To: oss-security@...ts.openwall.com
Subject: CVE request

Hi,

As a committer for the Evergreen integrated library system project,
I'd like to request CVE number(s) for the following issues in today's
security releases.

Release announcement:

http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/

Security issues resolved with the release:

[1] Org Unit Setting View Permissions Can Be Bypassed

https://bugs.launchpad.net/evergreen/+bug/1424755

[2] Credit Card Processor settings visible in LSE History

https://bugs.launchpad.net/evergreen/+bug/1206589

Both bugs had permitted remote unauthenticated access of confidential
application configuration settings.

Regards,

Galen
-- 
Galen Charlton
Infrastructure and Added Services Manager
Equinox Software, Inc. / The Open Source Experts
email:  gmc@...library.com
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
web:    http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.