Date: Tue, 14 Apr 2015 12:02:40 -0400 From: Marc Deslauriers <marc.deslauriers@...onical.com> To: oss-security@...ts.openwall.com CC: cve-assign@...re.org Subject: Re: Re: Problems in automatic crash analysis frameworks Hi, On 2015-04-14 11:55 AM, cve-assign@...re.org wrote: > This is mostly a question for the persons who assigned CVE-2015-1318 > and CVE-2015-1862. Should these CVE assignments be interpreted to > mean: > > CVE-2015-1318 - in Apport, an unprivileged user can use a > namespace-based attack because there is an execve by > root after a chroot into a user-specified directory Yes, I assigned CVE-2015-1318 to that specific issue in Apport. Marc.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ