Date: Fri, 11 May 2012 14:03:21 -0400 From: micah <micah@...eup.net> To: oss-security@...ts.openwall.com Subject: CVE request: sympa (try again) Hi, Please assign a CVE for Sympa, any version prior to 6.1.11. It is possible to open the archive management ("arc_manage") page for any list, even those set to only be available to members, giving anyone the option to download the archive, or delete the archive. http://www.sympa.org/distribution/latest-stable/NEWS https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358 thank you, micah ps - for some reason the previous message is formatted strange, so I'm sending this one without the signature --
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.