Date: Fri, 2 Oct 2015 16:19:15 +0200 From: Gilles Chehade <gilles@...lp.org> To: "Jason A. Donenfeld" <Jason@...c4.com> Cc: oss-security <oss-security@...ts.openwall.com>, misc <misc@...nsmtpd.org> Subject: Re: CVE requests: Critical vulnerabilities in OpenSMTPD On Fri, Oct 02, 2015 at 03:29:31PM +0200, Jason A. Donenfeld wrote: > I haven't looked at these commits yet but: > > If a local user sends a message to a remote address, does this > outgoing connection open up this remote vulnerability vector? > It would still require a local user to do it and it would still only affect an unprivileged process. -- Gilles Chehade https://www.poolp.org @poolpOrg
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.