mailing list archives
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface
From: Ricardo Mones <ricardo () mones org>
Date: Wed, 28 Nov 2012 18:13:42 +0100
On Wed, Nov 28, 2012 at 09:44:53AM -0700, Vincent Danen wrote:
* [2012-11-15 13:36:13 +0100] Ricardo Mones wrote:
This has been reported on our bugzilla:
There's still not fix available. Could a CVE id be allocated for this if
thanks in advance,
P.S.: I'm not subscribed to the list.
I don't know if this ever got a CVE or not; if it did I don't see a
Also, according to this bug report it's fixed, but I can't find the
patch in your CVS tracker. Can you provide a link to it?
Unfortunately tracker only tracks changes to core, not to plugins, but
the patch it's commited also into the Debian packaging, so this link may
And, if a CVE hasn't been assigned, perhaps Kurt or someone could assign
It't got one, but seems the list was not included in recipients:
Please use CVE-2012-5527 for this issue.
00:45 < hammar> cool.. have you used rssyl?
00:46 <@Ticho> um, yes Seen on #sylpheed
Description: Digital signature