oss-sec mailing list archives
Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation
From: Christian Hoffmann <christian () hoffie info>
Date: Mon, 21 Sep 2015 18:05:53 +0200
Hi Martin, as far as I know, this issue has already been assigned a CVE. I was about to post the number here, but as the internal ticket IDs do not match as I expected, I refrain from doing so in order to avoid confusion. I am not sure if Zarafa contacts are on this list, but I will forward this mail so that they can confirm/clarify publicly. So, for now, I don't think a new CVE should be assigned. Either Zarafa or me will send an update shortly. Kind regards, Christian On 09/21/2015 02:58 PM, Martin Prpic wrote:
Hi, The following bug was reported to Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1263006 The issue is noted as "zarafa-autorespond suffers from a potential local privilege escalation" in the zarafa changelog: https://download.zarafa.com/community/beta/7.2/changelog-7.2.txt Patch: https://bugzilla.redhat.com/attachment.cgi?id=1073440&action=diff Can a CVE be assigned for this issue? Thanks!
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request: zarafa-autorespond suffers from a potential local privilege escalation Martin Prpic (Sep 21)
- Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation Christian Hoffmann (Sep 21)
- Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation Christian Hoffmann (Sep 21)
- Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation Christian Hoffmann (Sep 21)