|
Message-ID: <CAPLnt65ViRVYhN+dapCrzeqvD+N-nT6ZkmziZRP8YcL8Ums0hw@mail.gmail.com> Date: Tue, 3 Mar 2015 18:07:45 -0500 From: Galen Charlton <gmc@...library.com> To: oss-security@...ts.openwall.com Subject: CVE request Hi, As a committer for the Evergreen integrated library system project, I'd like to request CVE number(s) for the following issues in today's security releases. Release announcement: http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/ Security issues resolved with the release: [1] Org Unit Setting View Permissions Can Be Bypassed https://bugs.launchpad.net/evergreen/+bug/1424755 [2] Credit Card Processor settings visible in LSE History https://bugs.launchpad.net/evergreen/+bug/1206589 Both bugs had permitted remote unauthenticated access of confidential application configuration settings. Regards, Galen -- Galen Charlton Infrastructure and Added Services Manager Equinox Software, Inc. / The Open Source Experts email: gmc@...library.com direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.