Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 27 Jul 2008 17:53:53 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: Links < 2.1 security issue

On Sun, 27 Jul 2008, Pierre-Yves Rofes wrote:

> Anyone investigated this, or even has a clue on the potential impact?
> Not sure if a CVE can be assigned, since this is very (too?) vague...

We operate on the assumption that if a developer says it's a security
issue, it's worth assigning a CVE for.

But you wind up with uninformative descriptions like the one below :-/

- Steve

Name: CVE-2008-3329
Status: Candidate
Reference: CONFIRM:

Unspecified vulnerability in Links before 2.1, when "only proxies" is
enabled, has unknown impact and attack vectors related to providing
"URLs to external programs."

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.