Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 20 Jul 2015 15:23:23 +0200
From: "Jason A. Donenfeld" <zx2c4@...too.org>
To: oss-security <oss-security@...ts.openwall.com>
Cc: Seth Arnold <seth.arnold@...onical.com>, cve-assign@...re.org
Subject: Re: siege: off-by-one in load_conf()

Hi folks,

Chiming in on behalf of Gentoo Security Team. Bug report here, see
comment 5: https://bugs.gentoo.org/show_bug.cgi?id=554914#c5

In sum, I also fail to see how this is a security issue. Does anybody
make siege SUID, or give it untrusted input, or anything like that?
@ago - what's the attack vector you have in mind with this bug? Feel
free to find me in #gentoo-security if you want to work out
conversationally what you have in mind with this finding.

Jason

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.