Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Sep 2015 18:05:53 +0200
From: Christian Hoffmann <>
Subject: Re: CVE request: zarafa-autorespond suffers from a
 potential local privilege escalation

Hi Martin,

as far as I know, this issue has already been assigned a CVE. I was
about to post the number here, but as the internal ticket IDs do not
match as I expected, I refrain from doing so in order to avoid confusion.

I am not sure if Zarafa contacts are on this list, but I will forward
this mail so that they can confirm/clarify publicly.

So, for now, I don't think a new CVE should be assigned. Either Zarafa
or me will send an update shortly.

Kind regards,


On 09/21/2015 02:58 PM, Martin Prpic wrote:
> Hi,
> The following bug was reported to Red Hat:
> The issue is noted as "zarafa-autorespond suffers from a potential local
> privilege escalation" in the zarafa changelog:
> Patch:
> Can a CVE be assigned for this issue?
> Thanks!

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ