Date: Mon, 21 Sep 2015 18:05:53 +0200 From: Christian Hoffmann <christian@...fie.info> To: oss-security@...ts.openwall.com Subject: Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation Hi Martin, as far as I know, this issue has already been assigned a CVE. I was about to post the number here, but as the internal ticket IDs do not match as I expected, I refrain from doing so in order to avoid confusion. I am not sure if Zarafa contacts are on this list, but I will forward this mail so that they can confirm/clarify publicly. So, for now, I don't think a new CVE should be assigned. Either Zarafa or me will send an update shortly. Kind regards, Christian On 09/21/2015 02:58 PM, Martin Prpic wrote: > Hi, > > The following bug was reported to Red Hat: > > https://bugzilla.redhat.com/show_bug.cgi?id=1263006 > > The issue is noted as "zarafa-autorespond suffers from a potential local > privilege escalation" in the zarafa changelog: > > https://download.zarafa.com/community/beta/7.2/changelog-7.2.txt > > Patch: > > https://bugzilla.redhat.com/attachment.cgi?id=1073440&action=diff > > Can a CVE be assigned for this issue? > > Thanks! > Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ