oss-sec mailing list archives
CVE request
From: Galen Charlton <gmc () esilibrary com>
Date: Tue, 3 Mar 2015 18:07:45 -0500
Hi, As a committer for the Evergreen integrated library system project, I'd like to request CVE number(s) for the following issues in today's security releases. Release announcement: http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/ Security issues resolved with the release: [1] Org Unit Setting View Permissions Can Be Bypassed https://bugs.launchpad.net/evergreen/+bug/1424755 [2] Credit Card Processor settings visible in LSE History https://bugs.launchpad.net/evergreen/+bug/1206589 Both bugs had permitted remote unauthenticated access of confidential application configuration settings. Regards, Galen -- Galen Charlton Infrastructure and Added Services Manager Equinox Software, Inc. / The Open Source Experts email: gmc () esilibrary com direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org
Current thread:
- Re: CVE Request cve-assign (Jan 03)
- <Possible follow-ups>
- CVE request Daniel Strøm (Jan 08)
- Re: CVE request cve-assign (Jan 11)
- Re: CVE request Daniel Strøm (Jan 11)
- Re: CVE request cve-assign (Jan 11)
- CVE request Galen Charlton (Mar 03)
- Re: CVE request - Evergreen cve-assign (Mar 03)
- Re: CVE request - Evergreen Galen Charlton (Mar 03)
- Re: CVE request - Evergreen cve-assign (Mar 03)
- Re: CVE request - Evergreen cve-assign (Mar 03)