Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation

[Christian Hoffmann <christian () hoffie info>]

Hi Martin,

as far as I know, this issue has already been assigned a CVE. I was
about to post the number here, but as the internal ticket IDs do not
match as I expected, I refrain from doing so in order to avoid confusion.

I am not sure if Zarafa contacts are on this list, but I will forward
this mail so that they can confirm/clarify publicly.

So, for now, I don't think a new CVE should be assigned. Either Zarafa
or me will send an update shortly.

Kind regards,

Christian


On 09/21/2015 02:58 PM, Martin Prpic wrote:
> Hi,
>
> The following bug was reported to Red Hat:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1263006
>
> The issue is noted as "zarafa-autorespond suffers from a potential local
> privilege escalation" in the zarafa changelog:
>
> https://download.zarafa.com/community/beta/7.2/changelog-7.2.txt
>
> Patch:
>
> https://bugzilla.redhat.com/attachment.cgi?id=1073440&action=diff
>
> Can a CVE be assigned for this issue?
>
> Thanks!

Attachment: signature.asc
Description: OpenPGP digital signature