Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu,  7 Jan 2016 13:23:24 -0500 (EST)
From: cve-assign@...re.org
To: guillaume.ayoub@...ea.fr
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for radicale

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> here are for me the 3 real independent vulnerabilities
> reported and fixed in 1.1:

OK, we will keep the two CVE IDs already assigned in

  http://www.openwall.com/lists/oss-security/2016/01/06/4

and add one more CVE ID for the third issue.


> 3. "On MS Windows the filesystem backend allows access to the first
> level of files on a drive."
> 
> The filesystem backend is the default storage backend. When used, it 
> converts paths like /c:/filename/dummy to c:\filename, and allowing 
> anybody to read/write anything anywhere, by sending requests with 
> particular paths and contents.

Use CVE-2016-1505.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWjqzGAAoJEL54rhJi8gl5ls8P/3X6IIeZYgpQ9bwDGeVTdPiu
qkeJl0cLsikGu2+uyfSTVA5s869DUXERPHLAAVq96LJBm6uWK/w22Z+3D8QPZBqF
IjfR5uMe6HMizpBEiJb2MXWBS1kcjKBOU7kJKBHbToYnJCzhX8WIPW7EG69W/d+/
K4ILFTTXwO/bZunY4wdIM08mE+LQZZEvdGTLm8roIGoorl/qC/ox0ZSWx+mmkf2p
PY/KPSnIPG/4gfF+50lCtluV73fI0i1m9si6IBSlwaWA9Bij1tBrtmj+TnBCKu5n
KW8nRQYwGK6WKh9xZ87fxavRh7jnrwWUYNGpK/NC11DANGa9PLkz4w/oufEm3G00
4Zxd7orjvO81bD3UHiv8hYPEAHtkqBxyoDItctR+yZ0owFDd/EbrIie9yPGheeW8
EgosX7xs5nQ/YNIip2FdGZvS+kjhMvf0O/teO6exdMGlPv1UnFwCl67XyRbp8qt3
+8kaEzAgib84Jg/jEvE353MJ+kHS0FJaA6GI282lRC13OZfLVqi621KXr7xVqstD
WCb0wOza2tCsmcE3nvMqmqKpIrWk+O5MPtcq5yXmpQV/LonJIqF5gQUcrW0iKEdM
LFrSp20MgnrX31nRSlSvNiTijcZBCPqgi+yBhuFLbtYs95YAlLhXen7oB53NF8zn
YEwGYy/Oa476zqRq3/FP
=SRvk
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ