Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 May 2013 07:41:22 -0700
From: Tavis Ormandy <>
Subject: Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability

Matthias Weckbecker wrote:

> Hi,
> has anybody possibly already confirmed this? It might also be worth to
> assign a CVE to this if it turns out to be a reproducible issue.

I can't reproduce here.

It's probably not a good sign that he posted some non-shadow passwords in
the output :)


------------------------------------- | pgp encrypted mail preferred

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.