0001311: The check about email during email dispute works incorrect - CAcert Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0001311	Main CAcert Website	account administration	public	2014-10-04 09:49	2021-08-25 13:37

Reporter	Ruel Print	Assigned To
Priority	normal	Severity	minor	Reproducibility	N/A
Status	new	Resolution	open
Platform	Default	OS	Windows 7	OS Version	Ultimate
Product Version	2014 Q4

Summary	0001311: The check about email during email dispute works incorrect
Description	Taken from Ticket s20141001.32 I observed that there was an email disput that fires this mail: Someone has just attempted to dispute this email 'someone@domain.tld', which belongs to a locked account: xxxxx By looking at the accounts with 'someone@domain.tld' I find one deleted account following the old delete account predent case which of course is locked. The second account is an active not blocked account. The problem seems to be a wrong sql statement where there is no check if the email is deleted.
Steps To Reproduce	OpenSSL Security Advisory [07 Apr 2014] ======================================== TLS heartbeat read overrun (CVE-2014-0160) ========================================== A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. 1.0.2 will be fixed in 1.0.2-beta2.
Additional Information	<?xml version="1.0" encoding="utf-8"?> <rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/"> <channel> <title>git.cacert.org Git - cacert-devel.git/rss - pages/account/19.php history</title> <link>https://git.cacert.org/gitweb/?p=cacert-devel.git;a=history;f=pages/account/19.php</link> <description>CAcert's authoritative development repository</description> <language>en</language> <managingEditor>Software Assessors</managingEditor> <image> <url>static/git-logo.png</url> <title>git.cacert.org Git - cacert-devel.git/rss - pages/account/19.php history</title> <link>https://git.cacert.org/gitweb/?p=cacert-devel.git;a=history;f=pages/account/19.php</link> </image> <pubDate>Mon, 29 Mar 2010 07:54:06 +0000</pubDate> <lastBuildDate>Mon, 29 Mar 2010 07:54:06 +0000</lastBuildDate> <generator>gitweb v.1.7.10.4/1.7.10.4</generator> <item> <title>remove cacert/ prefix</title> <author>Markus Warg <mw@it-sls.de></author> <pubDate>Mon, 29 Mar 2010 07:54:06 +0000</pubDate> <guid isPermaLink="true">https://git.cacert.org/gitweb/?p=cacert-devel.git;a=commitdiff;h=9dceece06fbdc98add6f76f0b1aec05891a394c4</guid> <link>https://git.cacert.org/gitweb/?p=cacert-devel.git;a=commitdiff;h=9dceece06fbdc98add6f76f0b1aec05891a394c4</link> <description>remove cacert/ prefix</description> <content:encoded><![CDATA[ remove cacert/ prefix [https://git.cacert.org/gitweb/?p=cacert-devel.git;a=blobdiff;f=pages/account/19.php;fp=pages/account/19.php;h=6a2749c7c9f22f9d6270fca3319d2d8f1d922996;hp=0000000000000000000000000000000000000000;hb=9dceece06fbdc98add6f76f0b1aec05891a394c4;hpb=5b68967def224a00f54eb54946ff17301bbd3cdb] pages/account/19.php ]]> </content:encoded> </item> </channel> </rss>
Tags	vserver

Reviewed by
Test Instructions

Date Modified	Username	Field	Change
2014-10-04 09:49	Ruel Print	New Issue
2014-10-04 09:49	Ruel Print	Issue generated from: 0001310
2014-10-04 09:50	Ruel Print	Tag Attached: vserver
2021-08-25 13:37	bdmc	Relationship added	related to 0000769