oss-sec mailing list archives
Re: CVE Request -- logrotate -- nine issues
From: Solar Designer <solar () openwall com>
Date: Sun, 6 Mar 2011 15:26:06 +0300
Pavel, On Sun, Mar 06, 2011 at 04:19:04PM +0700, Pavel Labushev wrote:
06.03.2011 02:21, Solar Designer пишет:At least in Gentoo there are packages (ebuilds and eclasses) that create user/group-writable directories in /var/log and enable logrotate to handle the log files there.Is this something you can get fixed?I hope it will be fixed soon. Would be nice to have CVEs assigned for these issues anyway, just to make people aware. If even package maintainers got it wrong, I bet there's a legion of users who also did.
For this to happen, you need to post info on the specific issues and request CVEs for them. Will you do this, please? (Perhaps start a new thread, or even a thread per package - that's up to you.) Thanks! Alexander
Current thread:
- Re: CVE Request -- logrotate -- nine issues, (continued)
- Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 10)
- Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
- Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 10)
- Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
- Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 11)
- Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 11)
- Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 23)
- Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
- Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
- Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 06)
- Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)