Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Sep 2015 18:05:53 +0200
From: Christian Hoffmann <christian@...fie.info>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: zarafa-autorespond suffers from a
 potential local privilege escalation

Hi Martin,

as far as I know, this issue has already been assigned a CVE. I was
about to post the number here, but as the internal ticket IDs do not
match as I expected, I refrain from doing so in order to avoid confusion.

I am not sure if Zarafa contacts are on this list, but I will forward
this mail so that they can confirm/clarify publicly.

So, for now, I don't think a new CVE should be assigned. Either Zarafa
or me will send an update shortly.

Kind regards,

Christian


On 09/21/2015 02:58 PM, Martin Prpic wrote:
> Hi,
> 
> The following bug was reported to Red Hat:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1263006
> 
> The issue is noted as "zarafa-autorespond suffers from a potential local
> privilege escalation" in the zarafa changelog:
> 
> https://download.zarafa.com/community/beta/7.2/changelog-7.2.txt
> 
> Patch:
> 
> https://bugzilla.redhat.com/attachment.cgi?id=1073440&action=diff
> 
> Can a CVE be assigned for this issue?
> 
> Thanks!
> 



[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ