Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.51.0807271751450.20336@faron.mitre.org>
Date: Sun, 27 Jul 2008 17:53:53 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: Links < 2.1 security issue


On Sun, 27 Jul 2008, Pierre-Yves Rofes wrote:

> Anyone investigated this, or even has a clue on the potential impact?
> Not sure if a CVE can be assigned, since this is very (too?) vague...

We operate on the assumption that if a developer says it's a security
issue, it's worth assigning a CVE for.

But you wind up with uninformative descriptions like the one below :-/

- Steve

======================================================
Name: CVE-2008-3329
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
Reference: CONFIRM:http://links.twibright.com/download/ChangeLog

Unspecified vulnerability in Links before 2.1, when "only proxies" is
enabled, has unknown impact and attack vectors related to providing
"URLs to external programs."

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.