Date: Wed, 04 Feb 2015 19:30:09 -0700 From: Kurt Seifried <kseifried@...hat.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, Daniel Stenberg <daniel@...x.se> Subject: MP3::Info file loading from cwd With apologies, this should have been made public some time ago however it fell through the cracks. This is a ow severity issue, it requires significant attack/victim interaction and local access. This was assigned CVE-2013-6499 https://bugzilla.redhat.com/show_bug.cgi?id=1018805 -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ