Bug 20854

Summary: squirrelmail security update CVE-2017-7692
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: SecurityAssignee: David Walser <luigiwalser>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia, marja11
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://www.linuxsecurity.com/content/view/171462/170/ http://www.linuxsecurity.com/content/view/171462/170/
Whiteboard:
Source RPM: squirrelmail CVE: CVE-2017-7692
Status comment:

Description Zombie Ryushu 2017-05-14 14:52:37 CEST 
Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a
webmail application, incorrectly handled a user-supplied value. This
would allow a logged-in user to run arbitrary commands on the server.
Zombie Ryushu 2017-05-14 14:53:24 CEST

Summary: squirellmail security update CVE-2017-7692 => squirrelmail security update CVE-2017-7692
Source RPM: squirellmail => squirrelmail

Marja Van Waes 2017-05-14 16:29:30 CEST

CC: (none) => marja11
Assignee: bugsquad => luigiwalser
QA Contact: (none) => security
Component: RPM Packages => Security

Nicolas Lécureuil 2017-05-15 01:06:52 CEST

CC: (none) => mageia
CVE: (none) => CVE-2017-7692
URL: http://www.linuxsecurity.com/content/view/171462/170/ => http://www.linuxsecurity.com/content/view/171462/170/ http://www.linuxsecurity.com/content/view/171462/170/

Comment 1 Nicolas Lécureuil 2017-05-15 01:07:44 CEST 
already fixed in cauldron,

Version: Cauldron => 5

Comment 2 David Walser 2017-05-15 04:06:40 CEST 
We already fixed this.  I do appreciate the reports, since you occasionally find one I didn't or beat me to the punch, but please do take a minute to make sure the bug hasn't already been filed.

*** This bug has been marked as a duplicate of bug 20703 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE