Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: surf
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 09 Feb 2012 22:43:52 -0700

On 02/09/2012 05:24 PM, Florian Weimer wrote:
surf does not protect its cookie jar against access read access from
other local users, as reported by Jakub Wilk in this Debian bug:

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659296>

Could someone please assign a CVE for this?

So for surf suckless (http://surf.suckless.org/) please use CVE-2012-0842

uzbl <http://uzbl.org/> (in the uzbl-browser wrapper script) and
netsurf <http://www.netsurf-browser.org/> (the nsgtk_check_homedir
function creates the dot directory with world-readable settings) have
a similar issue, but are from different code bases.  I think those
should get distinct CVEs, too.

I'll need advisories or code commits, or links to the vuln code to
assign CVE's (I need more information). Thanks!


-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault