Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 19 May 2014 15:02:40 -0400
From: Chris Reffett <>
Subject: Re: Re: CVE request: X2Go Server privilege escalation

On 5/19/2014 3:01 AM, wrote:
>> I don't see a CVE assigned for the vulnerability announced here:
>> It appears that this is a privilege escalation through injecting
>> backticks, but I'm not absolutely sure. It is fixed as of versions
>> in the following commits:
> Use CVE-2013-7383.
> Please clarify whether there is a fourth required commit. (The
> first commit was listed twice in your original message.)
Sorry about that, my mistake. The second commit should have been:;a=commit;h=b03665513ab1969b069c1351fe17cbb8b5fca256
So yes, there are four commits. Thanks for the catch!

Chris Reffett

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ