Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server.
Summary: squirellmail security update CVE-2017-7692 => squirrelmail security update CVE-2017-7692Source RPM: squirellmail => squirrelmail
CC: (none) => marja11Assignee: bugsquad => luigiwalserQA Contact: (none) => securityComponent: RPM Packages => Security
CC: (none) => mageiaCVE: (none) => CVE-2017-7692URL: http://www.linuxsecurity.com/content/view/171462/170/ => http://www.linuxsecurity.com/content/view/171462/170/ http://www.linuxsecurity.com/content/view/171462/170/
already fixed in cauldron,
Version: Cauldron => 5
We already fixed this. I do appreciate the reports, since you occasionally find one I didn't or beat me to the punch, but please do take a minute to make sure the bug hasn't already been filed. *** This bug has been marked as a duplicate of bug 20703 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE