Add an entry for mail/sympa < 6.1.11 (CVE-2012-2352)

1 files changed, 31 insertions, 0 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index dea278e87ed0..e79aeac73ba8 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -52,6 +52,37 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="78c39232-a345-11e1-9d81-d0df9acfd7e5">
+    <topic>sympa -- Multiple Security Bypass Vulnerabilities</topic>
+    <affects>
+      <package>
+        <name>sympa</name>
+        <range><lt>6.1.11</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>Secunia team reports:</p>
+        <blockquote cite="http://secunia.com/advisories/49045/">
+          <p>Multiple vulnerabilities have been reported in Sympa, which can be
+             exploited by malicious people to bypass certain security
+             restrictions.</p>
+          <p>The vulnerabilities are caused due to the application allowing
+             access to archive functions without checking credentials. This can
+             be exploited to create, download, and delete an archive.</p>
+        </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2012-2352</cvename>
+      <url>http://secunia.com/advisories/49045/</url>
+    </references>
+    <dates>
+      <discovery>2012-05-14</discovery>
+      <entry>2012-05-21</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="495b46fd-a30f-11e1-82c9-d0df9acfd7e5">
     <topic>foswiki -- Script Insertion Vulnerability via unchecked user registration fields</topic>
     <affects>