[Bug 870406] CVE-2012-4730 CVE-2012-4732 CVE-2012-4734 CVE-2012-4735 CVE-2012-4884 rt3: Multiple flaws fixed in upstream 3.8.15 version

bugzilla at redhat.com bugzilla at redhat.com
Wed Jul 24 10:29:03 UTC 2013


https://bugzilla.redhat.com/show_bug.cgi?id=870406

Jan Lieskovsky <jlieskov at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Alias|                            |CVE-2012-6578,
                   |                            |CVE-2012-6579,
                   |                            |CVE-2012-6580,
                   |                            |CVE-2012-6581

--- Comment #3 from Jan Lieskovsky <jlieskov at redhat.com> ---
The CVE-2012-4735 identifier has been rejected in favour of: CVE-2012-6578,
CVE-2012-6579, CVE-2012-6580, and CVE-2012-6581:

==
Name: CVE-2012-4735

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6578,
CVE-2012-6579, CVE-2012-6580, CVE-2012-6581. Reason: This candidate
is a duplicate of CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, and
CVE-2012-6581. Notes: All CVE users should reference one or more of
CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, and CVE-2012-6581
instead of this candidate. All references and descriptions in this
candidate have been removed to prevent accidental usage.

==

with the CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, and CVE-2012-6581
descriptions being as follows:

==

* CVE-2012-6578:
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when
GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's
key for signing, which might allow remote attackers to spoof messages by 
leveraging the lack of authentication semantics.

References:
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
==

* CVE-2012-6579:
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when
GnuPG is enabled, allows remote attackers to configure encryption or signing
for certain outbound e-mail, and possibly cause a denial of service (loss of
e-mail readability), via an e-mail message to a queue's address.

References:
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
==

* CVE-2012-6580:
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when
GnuPG is enabled, does not ensure that the UI labels unencrypted messages as
unencrypted, which might make it easier for remote attackers to spoof details
of a message's origin or interfere with encryption-policy auditing via an
e-mail message to a queue's address.

References:
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
==

* CVE-2012-6581:
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when
GnuPG is enabled, allows remote attackers to bypass intended restrictions on
reading keys in the product's keyring, and trigger outbound e-mail messages
signed by an arbitrary stored secret key, by leveraging a UI e-mail signing
privilege.

References:
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
