Date: Mon, 21 Sep 2015 18:05:53 +0200 From: Christian Hoffmann <christian@...fie.info> To: oss-security@...ts.openwall.com Subject: Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation Hi Martin, as far as I know, this issue has already been assigned a CVE. I was about to post the number here, but as the internal ticket IDs do not match as I expected, I refrain from doing so in order to avoid confusion. I am not sure if Zarafa contacts are on this list, but I will forward this mail so that they can confirm/clarify publicly. So, for now, I don't think a new CVE should be assigned. Either Zarafa or me will send an update shortly. Kind regards, Christian On 09/21/2015 02:58 PM, Martin Prpic wrote: > Hi, > > The following bug was reported to Red Hat: > > https://bugzilla.redhat.com/show_bug.cgi?id=1263006 > > The issue is noted as "zarafa-autorespond suffers from a potential local > privilege escalation" in the zarafa changelog: > > https://download.zarafa.com/community/beta/7.2/changelog-7.2.txt > > Patch: > > https://bugzilla.redhat.com/attachment.cgi?id=1073440&action=diff > > Can a CVE be assigned for this issue? > > Thanks! > Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.