oss-sec mailing list archives
Re: CVE request: nullmailer world readable /etc/nullmailer/remotes
From: Evan Teitelman <teitelmanevan () gmail com>
Date: Fri, 9 Aug 2013 15:35:02 -0400
On Fri, Aug 9, 2013 at 1:15 PM, Agostino Sarubbo <ago () gentoo org> wrote:
Hello, On Gentoo, the file /etc/nullmailer/remotes is installed with wrong permissions: ~ # ls -la /etc/nullmailer/remotes -rw-r--r-- 1 root root 971 Aug 9 18:58 /etc/nullmailer/remotes Nullmailer-1.11-r2 contains the fix, all prior versions are affected. Please assign a CVE. -- Agostino Sarubbo Gentoo Linux Developer
Here is a link to the bug listing in the Gentoo issue tracker: https://bugs.gentoo.org/show_bug.cgi?id=480376 And the fixed build code: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/mail-mta/nullmailer/nullmailer-1.11-r2.ebuild
Current thread:
- CVE request: nullmailer world readable /etc/nullmailer/remotes Agostino Sarubbo (Aug 09)
- RE: CVE request: nullmailer world readable /etc/nullmailer/remotes Christey, Steven M. (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes William Pitcock (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes Kurt Seifried (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes William Pitcock (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes Evan Teitelman (Aug 09)
- RE: CVE request: nullmailer world readable /etc/nullmailer/remotes Christey, Steven M. (Aug 09)