oss-sec mailing list archives

Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation

From: Christian Hoffmann <christian () hoffie info>
Date: Mon, 21 Sep 2015 19:09:14 +0200

On 09/21/2015 06:05 PM, Christian Hoffmann wrote:

So, for now, I don't think a new CVE should be assigned. Either Zarafa
or me will send an update shortly.


Zarafa was quick and has updated the ChangeLog accordingly:
https://download.zarafa.com/community/beta/7.2/changelog-7.2.txt

As expected, this issue has been assigned CVE-2015-6566.

From what I can see, no new CVE needs to be assigned here.

On 09/21/2015 02:58 PM, Martin Prpic wrote:

https://bugzilla.redhat.com/show_bug.cgi?id=1263006

The issue is noted as "zarafa-autorespond suffers from a potential local
privilege escalation" in the zarafa changelog:


Kind regards,

Christian

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE request: zarafa-autorespond suffers from a potential local privilege escalation Martin Prpic (Sep 21)
- Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation Christian Hoffmann (Sep 21)
  - Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation Christian Hoffmann (Sep 21)