Re: squirrelmail CVE-2020-14933

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Fri, October 15, 2021 10:36, James B. Byrne via squirrelmail-users wrote:
> n Thu, October 14, 2021 18:09, Paul Lesniewski wrote:
>> On Thu, October 14, 2021 7:28 pm, James B. Byrne via squirrelmail-users
>> wrote:
>>> See:
>>> Has this been patched?
>> There is no vulnerability here.  Per OWASP:
. . .
>> SquirrelMail doesn't qualify for that scenario.  Whoever accepted/assigned
>> this CVE seems to have only taken the word of the reporter, who has no
>> proof that I know of that there is any security issue.  If anyone knows
>> differently, please get in touch.
>> I'll put something on our /security page to reflect the situation.
>> Cheers,
. . .
> I need something done to address this CVE, either by having it removed from
> NIST as invalid or through some sort of patch, meaningless or not, that
> convinces NIST that the issue is resolved.  That probably requires a new CPE,
> and that will no doubt require the FreeBSD port maintainer to issue a version
> upgrade.  Otherwise  I am going to be forced into an unwanted, and evidently
> unnecessary, migration.  For which I have neither the time nor resources to
> effect.
> Regards,

>From the NIST website (

"Software development organizations can submit official comments by contacting
NVD staff ( nvd@xxxxxxxx). The capability exists both for organizations to
manually submit comments and for organizations to log into NVD to issue and
modify comments themselves. We recommend the log in capability for
organizations that are affected by more than a few CVE vulnerabilities."

A developer comment sent to NIST to the effect that SM is not vulnerable would
probably satisfy the auditors (I hope).  If you would be so kind.


***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

squirrelmail-users mailing list
Posting guidelines:
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives:
List info (subscribe/unsubscribe/change options):

[Index of Archives]     [Video For Linux]     [Yosemite News]     [Yosemite Photos]     [gtk]     [KDE]     [Cyrus SASL]     [Gimp on Windows]     [Steve's Art]     [Webcams]

  Powered by Linux