Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 30 Jul 2008 10:01:00 +0100 (BST)
From: Mark J Cox <>
cc: "Steven M. Christey" <>
Subject: CVE request: condor < 7.0.4

Needs CVE name
leading to:

 	This release fixes a problem causing possible incorrect handling of wild
 	cards in authorization lists. Examples of the configuration variables that
 	specify authorization lists are


 	If a configuration variable uses the asterisk character (*) in
 	configuration variables that specify the authorization policy, it is
 	advisable to upgrade. This is especially true for the use of wild cards in
 	any DENY list, since this problem could result in access being allowed,
 	when it should have been denied. This issue affects all previous versions
 	of Condor.

Thanks, Mark
Mark J Cox / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.