Message-ID: <56002AE1.1030908@hoffie.info>
Date: Mon, 21 Sep 2015 18:05:53 +0200
From: Christian Hoffmann <christian@...fie.info>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: zarafa-autorespond suffers from a
 potential local privilege escalation

Hi Martin,

as far as I know, this issue has already been assigned a CVE. I was
about to post the number here, but as the internal ticket IDs do not
match as I expected, I refrain from doing so in order to avoid confusion.

I am not sure if Zarafa contacts are on this list, but I will forward
this mail so that they can confirm/clarify publicly.

So, for now, I don't think a new CVE should be assigned. Either Zarafa
or I will send an update shortly.

Kind regards,

Christian


On 09/21/2015 02:58 PM, Martin Prpic wrote:
> Hi,
> 
> The following bug was reported to Red Hat:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1263006
> 
> The issue is noted as "zarafa-autorespond suffers from a potential local
> privilege escalation" in the zarafa changelog:
> 
> https://download.zarafa.com/community/beta/7.2/changelog-7.2.txt
> 
> Patch:
> 
> https://bugzilla.redhat.com/attachment.cgi?id=1073440&action=diff
> 
> Can a CVE be assigned for this issue?
> 
> Thanks!
> 


