Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Jan 2014 14:30:15 +0400
From: Sergey Popov <pinkbyte@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: Cantata vulnerability

I would like to request CVE for vulnerability in Cantata[1], which
allows attacker to steal valuable information from user's home directory
via internal HTTP server, that are not properly handled requests and
allows to download every file it has access to from host, where it runs.

More details can be acquired from upstream bugreport[2].

[1] - https://code.google.com/p/cantata/
[2] - https://code.google.com/p/cantata/issues/detail?id=356

-- 
Best regards, Sergey Popov
Gentoo developer
Gentoo Desktop Effects project lead
Gentoo Qt project lead
Gentoo Proxy maintainers project lead


Download attachment "signature.asc" of type "application/pgp-signature" (556 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.