Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Mar 2015 18:07:45 -0500
From: Galen Charlton <>
Subject: CVE request


As a committer for the Evergreen integrated library system project,
I'd like to request CVE number(s) for the following issues in today's
security releases.

Release announcement:

Security issues resolved with the release:

[1] Org Unit Setting View Permissions Can Be Bypassed

[2] Credit Card Processor settings visible in LSE History

Both bugs had permitted remote unauthenticated access of confidential
application configuration settings.


Galen Charlton
Infrastructure and Added Services Manager
Equinox Software, Inc. / The Open Source Experts
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
Supporting Koha and Evergreen: &

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.