[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 27 Jul 2008 17:53:53 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: Links < 2.1 security issue
On Sun, 27 Jul 2008, Pierre-Yves Rofes wrote:
> Anyone investigated this, or even has a clue on the potential impact?
> Not sure if a CVE can be assigned, since this is very (too?) vague...
We operate on the assumption that if a developer says it's a security
issue, it's worth assigning a CVE for.
But you wind up with uninformative descriptions like the one below :-/
- Steve
======================================================
Name: CVE-2008-3329
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
Reference: CONFIRM:http://links.twibright.com/download/ChangeLog
Unspecified vulnerability in Links before 2.1, when "only proxies" is
enabled, has unknown impact and attack vectors related to providing
"URLs to external programs."
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
