Date: Tue, 31 Aug 2010 15:40:17 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE id request: libc fortify source information disclosure ----- "Nico Golde" <oss-security+ml@...lde.de> wrote: > Hi, > http://seclists.org/fulldisclosure/2010/Apr/399 > did this ever get a CVE id? As this also works for setuid programs it > would be > nice to get one assigned and have this patched. > Steve, What is MITRE policy on this one. By itself I question if this is a security flaw, but it also would appear to have the potential to turn a DoS into something worse. I'm not sure what policy is in this instance. Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ