Bug 20854 - squirrelmail security update CVE-2017-7692
Summary: squirrelmail security update CVE-2017-7692
Status: RESOLVED DUPLICATE of bug 20703
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: David Walser
QA Contact: Sec team
URL: http://www.linuxsecurity.com/content/...
Depends on:
Reported: 2017-05-14 14:52 CEST by Zombie Ryushu
Modified: 2017-05-15 04:06 CEST (History)
2 users (show)

See Also:
Source RPM: squirrelmail
CVE: CVE-2017-7692
Status comment:


Description Zombie Ryushu 2017-05-14 14:52:37 CEST
Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a
webmail application, incorrectly handled a user-supplied value. This
would allow a logged-in user to run arbitrary commands on the server.
Zombie Ryushu 2017-05-14 14:53:24 CEST

Summary: squirellmail security update CVE-2017-7692 => squirrelmail security update CVE-2017-7692
Source RPM: squirellmail => squirrelmail

Marja Van Waes 2017-05-14 16:29:30 CEST

CC: (none) => marja11
Assignee: bugsquad => luigiwalser
QA Contact: (none) => security
Component: RPM Packages => Security

Nicolas Lécureuil 2017-05-15 01:06:52 CEST

CC: (none) => mageia
CVE: (none) => CVE-2017-7692
URL: http://www.linuxsecurity.com/content/view/171462/170/ => http://www.linuxsecurity.com/content/view/171462/170/ http://www.linuxsecurity.com/content/view/171462/170/

Comment 1 Nicolas Lécureuil 2017-05-15 01:07:44 CEST
already fixed in cauldron,

Version: Cauldron => 5

Comment 2 David Walser 2017-05-15 04:06:40 CEST
We already fixed this.  I do appreciate the reports, since you occasionally find one I didn't or beat me to the punch, but please do take a minute to make sure the bug hasn't already been filed.

*** This bug has been marked as a duplicate of bug 20703 ***

Resolution: (none) => DUPLICATE

Note You need to log in before you can comment on or make changes to this bug.