Date: Mon, 21 Nov 2011 12:37:35 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security@...ts.openwall.com Subject: CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies Hello Kurt, Steve, vendors, a security flaw was found in the way Shockwave Flash plug-in of the gnash, a GNU flash movie player, performed management of HTTP cookies (they were stored under /tmp directory with predictable name and world- readable permissions). A local attacker could use this flaw to obtain sensitive information. References:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649384  https://bugzilla.redhat.com/show_bug.cgi?id=755518 Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.