Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 Jan 2014 13:44:49 -0500 (EST)
From: cve-assign@...re.org
To: fweimer@...hat.com, guido+openwall.com@...hoerster.name
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: tmux local denial of service (2009)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> allows users to override the socket path using the -S command line option.

We'd like to consider this ineligible for a CVE unless there's new
information. In many cases, "ability to cause an inconvenience" is not
sufficient for a CVE assignment. The nature of the application
apparently makes it unlikely that this would, for example, disrupt
unattended root-executed scripts that have a hardcoded tmux command
line.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSzu1/AAoJEKllVAevmvmskekH/2A4wotaBeyRrTUT99tKnoCd
DOizyyQys3yF+1+UnV95nuaa6JKChsZvK96Q5U3fhJ94Sqw4Cq04q2Kac5MBTHub
E/R8/gNru8TlDKq3IGwBmigQYjXO56p3nps/a6b/NcZ0DhT2JBm+VTCUgJMtTs2Z
hAEhNr5fvihRUdlpfyGNT2PXdGqcHZZSdEqB1oMkNAAEKGSNNOlKK+lzQhi6SBIp
TPOVizxKKjG0xBXxlCfkla+uJnOYHWaVYTGR+3rfCe71ZKJdpx3mbBDCEu76+ojh
xCUkruwZhtw9XtcSp9OzZEJKhm6gN4QXeSq3ifzZ3v0+f66UrBSjf04ewD9RSkM=
=M+g3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ