Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 04 Nov 2013 21:43:25 +1100
From: Murray McAllister <>
Subject: possible CVE request: Tryton client input sanitization flaw


An input sanitization flaw was found in the Tryton client:

A malicious server could use this flaw to write to files accessible to 
the user running the Tryton client.

There is some discussion in issue3446 about why a CVE may not be needed 
(starting at msg14493), and msg14507 notes a CVE could have possibly 
been assigned via OpenBSD ... so I defer to the CVE experts.


Murray McAllister / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.