Date: Tue, 5 May 2009 11:09:49 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com, coley@...re.org
Subject: Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)

* [2009-05-05 17:20:22 +0200] Nico Golde wrote:

>Hi,
>* Nico Golde <oss-security+ml@...lde.de> [2009-05-05 17:18]:
>> can I get a CVE id for http://bugs.debian.org/526678
>>
>> The xvfb-run script used in Debian insecurely passes the X
>> magic cookie via the commandline so it's an easy thing to
>> grab it with system access.
>
>YFYI, our maintainer just told me that he thinks this is included
>since Fedora 10 in Fedora as well...

Thanks for that.  It is in Fedora 10; I have to see if it's in older versions.

-- 
Vincent Danen / Red Hat Security Response Team
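
The exposure described in the quoted report, as an added example that is not part of the original thread and is not the xvfb-run script: it starts a stand-in child twice, once with a cookie in its arguments and once with the same text on stdin (the shape of `xauth source -`), and checks which one shows the cookie in `/proc/<pid>/cmdline`. The cookie value, the `xauth-standin` name and display `:99` are constructed for the example; it assumes Linux with a default `/proc` mount.

```shell
#!/bin/sh
# Added example: is a secret visible in a child's argv? Assumes Linux /proc.
COOKIE="0123456789abcdef0123456789abcdef"   # constructed sample, not a real cookie
MARK="xauth-standin"                        # hypothetical name for the stand-in child

# argv of a PID as exposed through /proc (NUL separators become spaces).
argv_of() { tr '\0' ' ' 2>/dev/null < "/proc/$1/cmdline"; }

# Wait until the forked child has exec'ed, so we inspect its argv, not ours.
wait_for_exec() {
    n=0
    while [ "$n" -lt 50 ]; do
        argv_of "$1" | grep -qF "$MARK" && return 0
        n=$((n + 1)); sleep 0.1
    done
    return 1
}

# Exit status 0 means the cookie is present in the PID's argv.
check_and_reap() {
    wait_for_exec "$1" || { echo "child did not start" >&2; return 2; }
    argv_of "$1" | grep -qF "$COOKIE"; rc=$?
    kill "$1" 2>/dev/null || true
    wait "$1" 2>/dev/null || true
    return "$rc"
}

# Weak pattern: cookie passed as an argument, the shape of
#   xauth add :99 . "$COOKIE"
exposed_via_argv() {
    sh -c 'sleep 2; :' "$MARK" add :99 . "$COOKIE" >/dev/null 2>&1 &
    check_and_reap $!
}

# Safer pattern: the same command text fed on stdin, the shape of
#   xauth source - <<EOF ... EOF
exposed_via_stdin() {
    sh -c 'cat >/dev/null; sleep 2; :' "$MARK" >/dev/null 2>&1 <<EOF &
add :99 . $COOKIE
EOF
    check_and_reap $!
}

if exposed_via_argv;  then echo "argv:  cookie visible in /proc/<pid>/cmdline"; fi
if exposed_via_stdin; then echo "stdin: cookie visible"; else echo "stdin: cookie not in argv"; fi
```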