oss-sec mailing list archives

CVE request


From: Galen Charlton <gmc () esilibrary com>
Date: Tue, 3 Mar 2015 18:07:45 -0500

Hi,

As a committer for the Evergreen integrated library system project,
I'd like to request CVE number(s) for the following issues in today's
security releases.

Release announcement:

http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/

Security issues resolved with the release:

[1] Org Unit Setting View Permissions Can Be Bypassed

https://bugs.launchpad.net/evergreen/+bug/1424755

[2] Credit Card Processor settings visible in LSE History

https://bugs.launchpad.net/evergreen/+bug/1206589

Both bugs had permitted remote unauthenticated access of confidential
application configuration settings.

Regards,

Galen
-- 
Galen Charlton
Infrastructure and Added Services Manager
Equinox Software, Inc. / The Open Source Experts
email:  gmc () esilibrary com
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
web:    http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org

