Date: Mon, 04 Nov 2013 21:43:25 +1100 From: Murray McAllister <mmcallis@...hat.com> To: oss-security@...ts.openwall.com CC: cve-assign@...re.org Subject: possible CVE request: Tryton client input sanitization flaw Hello, An input sanitization flaw was found in the Tryton client: http://lists.debian.org/debian-security-announce/2013/msg00203.html https://bugs.tryton.org/issue3446 http://hg.tryton.org/tryton/rev/357d0a4d9cb8 A malicious server could use this flaw to write to files accessible to the user running the Tryton client. There is some discussion in issue3446 about why a CVE may not be needed (starting at msg14493), and msg14507 notes a CVE could have possibly been assigned via OpenBSD ... so I defer to the CVE experts. Cheers, -- Murray McAllister / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.