oss-sec mailing list archives
Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver
From: Michael Gilbert <michael.s.gilbert () gmail com>
Date: Fri, 22 Jul 2011 14:16:28 -0400
Mike O'Connor wrote:
It looks like you've seen the same kind of thing before: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306
Yes, those are CVE-2009-1573 and CVE-2009-1756.
This may be worth a mention in the xauth man page.
I think the vast majority aren't going to pay attention to seemingly pedantic man page warnings, but then again it may be worth it to help the few that do. Mike
Current thread:
- cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Jul 18)
- Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Mike O'Connor (Jul 21)
- Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Jul 22)
- Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Aug 03)
- Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Mike O'Connor (Jul 21)