FreeBSD Bugzilla – Attachment 214753 Details for
Bug 245672
mail/sympa: update to 6.2.54 - security fix
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
svn diff security/vuxml
vuxml.diff (text/plain), 1.39 KB, created by
geoffroy desvernay
on 2020-05-22 09:17:33 UTC
(
hide
)
Description:
svn diff security/vuxml
Filename:
MIME Type:
Creator:
geoffroy desvernay
Created:
2020-05-22 09:17:33 UTC
Size:
1.39 KB
patch
obsolete
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 536189) >+++ security/vuxml/vuln.xml (working copy) >@@ -168871,6 +168871,35 @@ > <entry>2005-09-29</entry> > </dates> > </vuln> >+ >+ <vuln vid="9908a1cc-35ad-424d-be0b-7e56abd5931a"> >+ <topic>sympa -- Denial of service caused by malformed CSRF token</topic> >+ <affects> >+ <package> >+ <name>sympa</name> >+ <range><lt>6.2.54</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Javier Moreno discovered a vulnerability in Sympa web interface that can cause >+ denial of service (DoS) attack.</p> >+ <p>By submitting requests with malformed parameters, this flaw allows to create >+ junk files in Sympaâs directory for temporary files. And particularly by >+ tampering token to prevent CSRF, it allows to originate exessive notification >+ messages to listmasters.</p> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2020-9369</cvename> >+ <url>https://sympa-community.github.io/security/2020-001.html</url> >+ </references> >+ <dates> >+ <discovery>2020-02-24</discovery> >+ <entry>2020-05-22</entry> >+ </dates> >+ </vuln> >+ > </vuxml><!-- EOF --> > <!-- Note: Please add new entries to the beginning of this file. --> > <!-- ex: set ts=8 tw=80 sw=2: -->
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 245672
:
213466
|
214753
|
214898
|
214899
|
214900