oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request for radicale

From: cve-assign () mitre org
Date: Thu, 7 Jan 2016 13:23:24 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


here are for me the 3 real independent vulnerabilities
reported and fixed in 1.1:


OK, we will keep the two CVE IDs already assigned in

  http://www.openwall.com/lists/oss-security/2016/01/06/4

and add one more CVE ID for the third issue.



3. "On MS Windows the filesystem backend allows access to the first
level of files on a drive."

The filesystem backend is the default storage backend. When used, it 
converts paths like /c:/filename/dummy to c:\filename, and allowing 
anybody to read/write anything anywhere, by sending requests with 
particular paths and contents.


Use CVE-2016-1505.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWjqzGAAoJEL54rhJi8gl5ls8P/3X6IIeZYgpQ9bwDGeVTdPiu
qkeJl0cLsikGu2+uyfSTVA5s869DUXERPHLAAVq96LJBm6uWK/w22Z+3D8QPZBqF
IjfR5uMe6HMizpBEiJb2MXWBS1kcjKBOU7kJKBHbToYnJCzhX8WIPW7EG69W/d+/
K4ILFTTXwO/bZunY4wdIM08mE+LQZZEvdGTLm8roIGoorl/qC/ox0ZSWx+mmkf2p
PY/KPSnIPG/4gfF+50lCtluV73fI0i1m9si6IBSlwaWA9Bij1tBrtmj+TnBCKu5n
KW8nRQYwGK6WKh9xZ87fxavRh7jnrwWUYNGpK/NC11DANGa9PLkz4w/oufEm3G00
4Zxd7orjvO81bD3UHiv8hYPEAHtkqBxyoDItctR+yZ0owFDd/EbrIie9yPGheeW8
EgosX7xs5nQ/YNIip2FdGZvS+kjhMvf0O/teO6exdMGlPv1UnFwCl67XyRbp8qt3
+8kaEzAgib84Jg/jEvE353MJ+kHS0FJaA6GI282lRC13OZfLVqi621KXr7xVqstD
WCb0wOza2tCsmcE3nvMqmqKpIrWk+O5MPtcq5yXmpQV/LonJIqF5gQUcrW0iKEdM
LFrSp20MgnrX31nRSlSvNiTijcZBCPqgi+yBhuFLbtYs95YAlLhXen7oB53NF8zn
YEwGYy/Oa476zqRq3/FP
=SRvk
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: