View Issue Details

ID: 0001311
Project: Main CAcert Website
Category: account administration
View Status: public
Last Update: 2014-10-04 09:50
Reporter: Ruel Print
Assigned To:
Priority: normal
Severity: minor
Reproducibility: N/A
Status: new
Resolution: open
Platform: Default
OS: Windows 7
Product Version: 2014 Q4
Summary: 0001311: The check about email during email dispute works incorrectly
Description:
Taken from Ticket s20141001.32
I observed that there was an email dispute that fires this mail:
Someone has just attempted to dispute this email 'someone@domain.tld', which belongs to a locked account: xxxxx

By looking at the accounts with 'someone@domain.tld' I find one deleted account following the old delete account precedent case, which of course is locked.
The second account is an active, not blocked account.

The problem seems to be a wrong SQL statement where there is no check if the email is deleted.
Steps To Reproduce:
OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.
Additional Information:
<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>git.cacert.org Git - cacert-devel.git/rss - pages/account/19.php history</title>
<link>https://git.cacert.org/gitweb/?p=cacert-devel.git;a=history;f=pages/account/19.php</link>
<description>CAcert's authoritative development repository</description>
<language>en</language>
<managingEditor>Software Assessors</managingEditor>
<image>
<url>static/git-logo.png</url>
<title>git.cacert.org Git - cacert-devel.git/rss - pages/account/19.php history</title>
<link>https://git.cacert.org/gitweb/?p=cacert-devel.git;a=history;f=pages/account/19.php</link>
</image>
<pubDate>Mon, 29 Mar 2010 07:54:06 +0000</pubDate>
<lastBuildDate>Mon, 29 Mar 2010 07:54:06 +0000</lastBuildDate>
<generator>gitweb v.1.7.10.4/1.7.10.4</generator>
<item>
<title>remove cacert/ prefix</title>
<author>Markus Warg &lt;mw@it-sls.de&gt;</author>
<pubDate>Mon, 29 Mar 2010 07:54:06 +0000</pubDate>
<guid isPermaLink="true">https://git.cacert.org/gitweb/?p=cacert-devel.git;a=commitdiff;h=9dceece06fbdc98add6f76f0b1aec05891a394c4</guid>
<link>https://git.cacert.org/gitweb/?p=cacert-devel.git;a=commitdiff;h=9dceece06fbdc98add6f76f0b1aec05891a394c4</link>
<description>remove cacert/ prefix</description>
<content:encoded><![CDATA[
remove cacert/ prefix
]]>
</content:encoded>
</item>
</channel>
</rss>
Tags: vserver
Reviewed by:
Test Instructions:

Issue History

Date Modified Username Field Change
2014-10-04 09:49 Ruel Print New Issue
2014-10-04 09:49 Ruel Print Issue generated from: 0001310
2014-10-04 09:50 Ruel Print Tag Attached: vserver
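
The failure suspected in the description, reproduced as an added example that is not CAcert's code: the table layout, column names and both queries are assumptions made for illustration, and the rows are constructed sample data. A lookup that matches on the address alone reaches the deleted, locked account first; filtering on the deleted flags reaches the active one.

```python
import sqlite3

# Hypothetical, simplified schema (an assumption, not CAcert's actual tables).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, locked INTEGER NOT NULL,
                    deleted INTEGER NOT NULL);
CREATE TABLE email (id INTEGER PRIMARY KEY, memid INTEGER NOT NULL REFERENCES users(id),
                    email TEXT NOT NULL, deleted INTEGER NOT NULL);
-- Constructed sample data: account 1 was deleted (and is therefore locked),
-- account 2 is active and now holds the same address.
INSERT INTO users VALUES (1, 1, 1), (2, 0, 0);
INSERT INTO email VALUES (10, 1, 'someone@domain.tld', 1),
                         (11, 2, 'someone@domain.tld', 0);
"""

# Lookup without a deleted check: the stale row of the deleted account matches too.
UNFILTERED = """SELECT u.id, u.locked FROM email e JOIN users u ON u.id = e.memid
                WHERE e.email = ? ORDER BY e.id"""

# Lookup restricted to live email rows that belong to live accounts.
FILTERED = """SELECT u.id, u.locked FROM email e JOIN users u ON u.id = e.memid
              WHERE e.email = ? AND e.deleted = 0 AND u.deleted = 0 ORDER BY e.id"""


def make_db():
    """Build the in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def dispute_check(db, query, address):
    """Return (account_id, outcome) for the first account the query matches."""
    row = db.execute(query, (address,)).fetchone()
    if row is None:
        return (None, "no current owner")
    account_id, locked = row
    outcome = "refused: locked account" if locked else "dispute can proceed"
    return (account_id, outcome)


if __name__ == "__main__":
    db = make_db()
    for name, query in (("unfiltered", UNFILTERED), ("filtered", FILTERED)):
        print(name, dispute_check(db, query, "someone@domain.tld"))
```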