Date: Thu, 09 Feb 2017 00:47:08 +0100
From: Christian Boltz <>
Subject: Re: CVE request: PostfixAdmin allows to delete protected aliases


On Tuesday, 7 February 2017, 20:12:24 CET, wrote
> >
> > 
> > Thanks to a missing permission check, domain admins can delete
> > aliases they are not allowed to delete (for example abuse@, which
> > the server admin might have set up so that he gets all abuse mails).
> > 
> >> Fix security hole in AliasHandler
> Use CVE-2017-5930.


I released PostfixAdmin 3.0.2 which includes the fix for this bug (and 
some non-security bugs).

I also submitted updated packages to openSUSE Tumbleweed, Leap 42.2 and 
42.1. (Tracking bug: )


Christian Boltz
In most cases, XSLT is good enough. But I agree, for some parts
you need Aspirin. ;-)        [Thomas Schraitle in opensuse-doc]
