Date: Wed, 30 Sep 2015 15:20:28 +0200 From: Eric Charles <eric@...che.org> To: server-user@...es.apache.org, Jakub.Palaczynski@...servicespolska.pl, server-dev@...es.apache.org, security@...che.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com, cert@...t.org Subject: Apache James Server 2.3.2 security vulnerability fixed Severity: Important Vendor: The Apache Software Foundation Versions Affected: James Server 2.3.2 Description: Apache James Server 2.3.2 has security issue that can let a user execute arbitrary system command for servers configured with file based user repositories. Mitigation: 2.3.2 users should upgrade to 220.127.116.11 to be downloaded from http://james.apache.org/download.cgi#Apache_James_Server Credit: This issue was discovered by Palaczynski Jakub <Jakub.Palaczynski@...servicespolska.pl> (recorded as VU#988628 by CERT)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.