Date: Mon, 1 May 2017 11:52:20 +0000 From: "Agostino Sarubbo" <ago@...too.org> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: telegram-desktop: insecure permission of $HOME/.TelegramDesktop directory Description: Telegram-desktop is the official desktop client for Telegram. During the navigation of my filesystem I found the .TelegramDesktop with 755 permission: drwxr-xr-x 4 ago ago 4096 nov 23 14:30 .TelegramDesktop Affected version: At least from 0.10.19 to 1.0.29 Fixed version: N/A Commit fix: N/A Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: CVE-2016-10351 Timeline: 2016-11-23: bug discovered and reported to upstream 2017-05-01: blog post about the issue 2017-05-01: CVE assigned Permalink: https://blogs.gentoo.org/ago/2017/05/01/telegram-desktop-insecure-permission-of-home-telegramdesktop-directory/ -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.