oss-sec mailing list archives
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 28 Nov 2012 10:37:40 -0700
* [2012-11-28 18:13:42 +0100] Ricardo Mones wrote:
> Hi Vincent,
>
> On Wed, Nov 28, 2012 at 09:44:53AM -0700, Vincent Danen wrote:
>> * [2012-11-15 13:36:13 +0100] Ricardo Mones wrote:
>> > This has been reported on our bugzilla:
>> > http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2782
>> >
>> > There's still no fix available. Could a CVE id be allocated for this if
>> > appropriate?
>> >
>> > thanks in advance,
>> >
>> > P.S.: I'm not subscribed to the list.
>>
>> I don't know if this ever got a CVE or not; if it did I don't see a
>> reference. Also, according to this bug report it's fixed, but I can't
>> find the patch in your CVS tracker. Can you provide a link to it?
>
> Unfortunately tracker only tracks changes to core, not to plugins, but
> the patch is committed also into the Debian packaging, so this link may
> serve:
>
> http://anonscm.debian.org/gitweb/?p=users/mones/claws-mail-extra-plugins.git;a=commitdiff;h=a3f91d21b32dd0b63b28ccb0c6f7a73939b14c9a
>
>> And, if a CVE hasn't been assigned, perhaps Kurt or someone could
>> assign one?
>
> It's got one, but seems the list was not included in recipients:
>
>> Please use CVE-2012-5527 for this issue.

Fantastic, thank you for both of these.

--
Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Ricardo Mones (Nov 15)
- Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen (Nov 28)
- Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Kurt Seifried (Nov 28)
- Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Ricardo Mones (Nov 28)
- Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen (Nov 28)
- Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen (Nov 28)