Date: Mon, 20 Jul 2015 15:23:23 +0200 From: "Jason A. Donenfeld" <zx2c4@...too.org> To: oss-security <oss-security@...ts.openwall.com> Cc: Seth Arnold <seth.arnold@...onical.com>, cve-assign@...re.org Subject: Re: siege: off-by-one in load_conf() Hi folks, Chiming in on behalf of Gentoo Security Team. Bug report here, see comment 5: https://bugs.gentoo.org/show_bug.cgi?id=554914#c5 In sum, I also fail to see how this is a security issue. Does anybody make siege SUID, or give it untrusted input, or anything like that? @ago - what's the attack vector you have in mind with this bug? Feel free to find me in #gentoo-security if you want to work out conversationally what you have in mind with this finding. Jason
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.