Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 23 Jan 2020 15:17:27 +0000
From: Nick Boyce <nick.boyce@...il.com>
To: oss-security@...ts.openwall.com
Cc: matthias.gerstner@...e.de
Subject: Re: CVE-2020-7040: storeBackup: denial of service and
 symlink attack vector via fixed lockfile path /tmp/storeBackup.lock

On Wed, 22 Jan 2020 at 13:24, Matthias Gerstner
<matthias.gerstner@...e.de> wrote:
>
> > > Should we tell the site owner his site may have been stolen ?
> >
> > Hmm I never bothered to look deeper into the website but now that you're
> > pointing to it, it looks strange. I can give the upstream author a hint,
[...]
> I have heard back from the author and he told me that storebackup.org
> never was owned by him, but created by some user of storeBackup
[...]
> The official upstream website is on GNU Savannah [1].
> [1]: https://savannah.nongnu.org/projects/storebackup

Thanks Matthias for the clarification.

Nick

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.