-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Description
===========
A vulnerability in ipsilon was found that allows attacker to log out active
sessions of other users. This issue is related to how it tracks sessions, and
allows an unauthenticated attacker to view and terminate active sessions from
other users.
Affected versions
=================
All versions of Ipsilon 2.0 before 2.0.2 are vulnerable.
All versions of Ipsilon 1.2 before 1.2.1 are vulnerable.
All versions of Ipsilon 1.1 before 1.1.2 are vulnerable.
All versions of Ipsilon 1.0 before 1.0.3 are vulnerable.
Patched versions
================
Ipsilon versions 2.0.2, 1.2.1, 1.1.2 and 1.0.3 are available per direct, and
all include patches to solve this problem.
Credit
======
This issue was reported by Patrick Uiterwijk of Red Hat and Howard Johnson.
Link
====
This advisory is available on https://ipsilon-project.org/advisory/CVE-2016-8638.txt
The version on the website might be updated as more information becomes available.
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYMtVRAAoJEIZXmA2atR5QW6QQALvm3ft5OSLx0QbREwHnLJxl
XU9wxmzqbmGJAPt5M09DpyEg5cZvJL8rppdc/zbNnNHUqoP6NG5lCqLzT7uqRXsa
U5gHFYy/qKfD2daG9prf7JcO96dKKBCMxoXbL7/yAV8rFNXYzAjBOKCfknqIKKbx
LJuWbaS57DbyDSHzCCOMjk8sJUYD5eITj0KqwF6PnCbEapUhZ4hJy8Bju6fZfhjF
dZRrPZWUd1La4JHKfd/AdyBf7FG2rQZ+IObcES03raJO++m4bsQwAyx4AMm5uhp1
61Y1LZXX3Y3ROrAiyZjymEdzr/Azue5u7fzBr0Ep54dXhP/JM/eZiEtFlCM77rH0
TV51DSY11lsSFealZ4NePzIlk+IUBSseiSQe0IyO0tNvxJkqE8Rdaz2nxSbcma8B
vPRutre8FnFq2T0o9GL6tlHGBikelBS1+xgbrwsVg+11kGmteJar9dvF8+dqx4wm
bJU8BdHtEkQCYyvGVKfmwvuuMUSphQnhzNg0DWiCFglY8u/OyqlBoh7JZATB/1kV
uGvxCZab2vzkazI/sMPTVLq8+JFNN+UpKZ3xfJeLCEKBoPuKvhs5u+PlSZhfFqug
H9vCtNmlBAmq5LMLTlEuX9Gw2YQHrS9s0AjSZoKxTGmZiZvRE3b4B+kYZhEtaUhT
hva/eK7g3hAwutLZG2Zb
=QDsb
-----END PGP SIGNATURE-----