{ "schema_version": "1.7.0", "id": "MGASA-2014-0380", "published": "2014-09-22T08:31:24Z", "modified": "2014-09-22T08:17:11Z", "summary": "Updated zarafa packages fix multiple vulnerabilities", "details": "Updated zarafa packages fix security vulnerabilities:\n\nRobert Scheck reported that Zarafa's WebAccess stored session information,\nincluding login credentials, on-disk in PHP session files. This session file\nwould contain a user's username and password to the Zarafa IMAP server\n(CVE-2014-0103).\n\nRobert Scheck discovered that the Zarafa Collaboration Platform has multiple\nincorrect default permissions (CVE-2014-5447, CVE-2014-5448, CVE-2014-5449,\nCVE-2014-5450).\n", "upstream": [ "CVE-2014-0103", "CVE-2014-5447", "CVE-2014-5448", "CVE-2014-5449", "CVE-2014-5450" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0380.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=13822" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:3", "name": "zarafa", "purl": "pkg:rpm/mageia/zarafa?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "7.1.11-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "zarafa", "purl": "pkg:rpm/mageia/zarafa?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "7.1.11-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }