Date: Mon, 04 Nov 2013 21:43:25 +1100
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
CC: cve-assign@...re.org
Subject: possible CVE request: Tryton client input sanitization flaw

Hello,

An input sanitization flaw was found in the Tryton client:

http://lists.debian.org/debian-security-announce/2013/msg00203.html
https://bugs.tryton.org/issue3446
http://hg.tryton.org/tryton/rev/357d0a4d9cb8

A malicious server could use this flaw to write to files accessible to
the user running the Tryton client.

There is some discussion in issue3446 about why a CVE may not be needed
(starting at msg14493), and msg14507 notes a CVE could have possibly
been assigned via OpenBSD ... so I defer to the CVE experts.

Cheers,

--
Murray McAllister / Red Hat Security Response Team