oss-sec mailing list archives
possible CVE request: Tryton client input sanitization flaw
From: Murray McAllister <mmcallis () redhat com>
Date: Mon, 04 Nov 2013 21:43:25 +1100
Hello,

An input sanitization flaw was found in the Tryton client:

http://lists.debian.org/debian-security-announce/2013/msg00203.html
https://bugs.tryton.org/issue3446
http://hg.tryton.org/tryton/rev/357d0a4d9cb8

A malicious server could use this flaw to write to files accessible to the user running the Tryton client.

There is some discussion in issue3446 about why a CVE may not be needed (starting at msg14493), and msg14507 notes a CVE could have possibly been assigned via OpenBSD ... so I defer to the CVE experts.

Cheers,

--
Murray McAllister / Red Hat Security Response Team