List: oss-security
Subject: Re: [oss-security] CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface
From: Vincent Danen <vdanen () redhat ! com>
Date: 2012-11-28 17:37:40
Message-ID: 20121128173740.GB2689 () redhat ! com
* [2012-11-28 18:13:42 +0100] Ricardo Mones wrote:
> Hi Vincent,
>
> On Wed, Nov 28, 2012 at 09:44:53AM -0700, Vincent Danen wrote:
> > * [2012-11-15 13:36:13 +0100] Ricardo Mones wrote:
> >
> > > This has been reported on our bugzilla:
> > > http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2782
> > >
> > > There's still no fix available. Could a CVE id be allocated for this if
> > > appropriate?
> > >
> > > thanks in advance,
> > >
> > > P.S.: I'm not subscribed to the list.
> >
> > I don't know if this ever got a CVE or not; if it did I don't see a
> > reference.
> >
> > Also, according to this bug report it's fixed, but I can't find the
> > patch in your CVS tracker. Can you provide a link to it?
>
> Unfortunately tracker only tracks changes to core, not to plugins, but
> the patch is committed also into the Debian packaging, so this link may
> serve:
>
> http://anonscm.debian.org/gitweb/?p=users/mones/claws-mail-extra-plugins.git;a=commitdiff;h=a3f91d21b32dd0b63b28ccb0c6f7a73939b14c9a
>
> > And, if a CVE hasn't been assigned, perhaps Kurt or someone could assign
> > one?
>
> It's got one, but seems the list was not included in recipients:
>
> > Please use CVE-2012-5527 for this issue.
Fantastic, thank you for both of these.
--
Vincent Danen / Red Hat Security Response Team