Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <560BE19C.50901@apache.org>
Date: Wed, 30 Sep 2015 15:20:28 +0200
From: Eric Charles <eric@...che.org>
To: server-user@...es.apache.org, Jakub.Palaczynski@...servicespolska.pl, 
 server-dev@...es.apache.org, security@...che.org, 
 oss-security@...ts.openwall.com, bugtraq@...urityfocus.com, 
 cert@...t.org
Subject: Apache James Server 2.3.2 security vulnerability fixed

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: James Server 2.3.2

Description: Apache James Server 2.3.2 has security issue that can let a 
user execute arbitrary system command for servers configured with file 
based user repositories.

Mitigation: 2.3.2 users should upgrade to 2.3.2.1 to be downloaded from 
http://james.apache.org/download.cgi#Apache_James_Server

Credit: This issue was discovered by Palaczynski Jakub 
<Jakub.Palaczynski@...servicespolska.pl> (recorded as VU#988628 by CERT)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.