oss-sec mailing list archives
Re: CVE id request: libc fortify source information disclosure
From: Josh Bressers <bressers () redhat com>
Date: Tue, 31 Aug 2010 15:40:17 -0400 (EDT)
----- "Nico Golde" <oss-security+ml () ngolde de> wrote:
Hi, http://seclists.org/fulldisclosure/2010/Apr/399 did this ever get a CVE id? As this also works for setuid programs it would be nice to get one assigned and have this patched.
Steve, What is MITRE policy on this one. By itself I question if this is a security flaw, but it also would appear to have the potential to turn a DoS into something worse. I'm not sure what policy is in this instance. Thanks. -- JB
Current thread:
- CVE id request: libc fortify source information disclosure Nico Golde (Aug 25)
- Re: CVE id request: libc fortify source information disclosure Josh Bressers (Aug 31)
- Re: CVE id request: libc fortify source information disclosure Steven M. Christey (Aug 31)
- Re: CVE id request: libc fortify source information disclosure Tomas Hoger (Sep 02)
- Re: CVE id request: libc fortify source information disclosure Dan Rosenberg (Sep 02)
- Re: CVE id request: libc fortify source information disclosure Tomas Hoger (Sep 02)
- Re: CVE id request: libc fortify source information disclosure Dan Rosenberg (Sep 02)
- Re: CVE id request: libc fortify source information disclosure Steven M. Christey (Aug 31)
- Re: CVE id request: libc fortify source information disclosure Josh Bressers (Aug 31)