Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Jan 2020 14:07:09 +0100
From: Matthias Gerstner <matthias.gerstner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2020-7040: storeBackup: denial of service and
 symlink attack vector via fixed lockfile path /tmp/storeBackup.lock

Hello,

> > Should we tell the site owner his site may have been stolen ?
> 
> Hmm I never bothered to look deeper into the website but now that you're
> pointing to it, it looks strange. I can give the upstream author a hint,
> to check up on his website.

I have heard back from the author and he told me that storebackup.org
never was owned by him, but created by some user of storeBackup, and by
now is completely unrelated to the software. He wants to remove any
reference to the URL from his documentation.

The official upstream website is on GNU Savannah [1].

[1]: https://savannah.nongnu.org/projects/storebackup

Cheers

Matthias

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.