Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 25 Feb 2013 14:00:22 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Agostino Sarubbo <ago@...too.org>
Subject: Re: CVE request: skunkweb world-readable logdir

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/24/2013 11:45 AM, Agostino Sarubbo wrote:
> skunkweb, a robust Python web application server, produces a
> world-readable log.
> 
> # ls -la /var/log/skunkweb/sw.log -rw-r--r-- 1 skunkweb skunkweb
> 4529 Feb 24 19:41 /var/log/skunkweb/sw.log
> 
> The development seems dead. Upstream site:
> http://skunkweb.sourceforge.net/
> 

This is not maintained/used much, not assigning a CVE for now.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRK9DmAAoJEBYNRVNeJnmTOo0P/RjyKdNoYacl23sSapKWCumQ
i0TwRj0A9q2jcJJ4xKiKrMmfqhL7OAZuvyWz1Pm3KuzQdxhZ3Sne1rRy4501Bp+4
TkREQOv50SByHEdozarM3Z5Nos5ysknW4yJIJtCHCFatAxPt0Ksizd+LLeQf7ic7
wSOOzFJPxkRORlTU118+iO+CwWUokuPGxPLiYBFTNtWYCRb+GUH+CdsP+qq64dHa
aWhFouUaCvl+M4uwkSwEAzhe1d4L7BpiRmffJVZKW+ELRkcEyXh1lq848Y8qhBOX
st59h+SJ9NIXrsvO6CSFcHmM2Xk1+sqGLBIZybWUJmn740HVlrE1UdruGE3XUlG1
q3oDBLkUuMb9G0OnsnQjxBzgFRIAemOa7Muv2Lpa7O9PNKJAzcare1Kh+tKfqFrM
QocRESKgXmssg+I+bo8/qOTRNTvnFO2mvogZVqunqFgVOQto3xxq0f8xCVbQh20+
FASnNx59qcEnmPSrxCKfU/Q2WbiF0A48Oobm+8W1zs/6duiqaX0twswSYcmFMcOE
HWonorW8JqMQ6dRbjahcOI9Xo6Gr25yFQN511XcUvukz6kX1SdERo4fMPVup6YKZ
kouTdcyjSNGgHCnCJZ71/ywaSsos3oTdPC6IaWEevC9vzPrwyevN+4cKoFOOSiT2
XwMMxurOOpzoFEAfMxx2
=as7y
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.