oss-sec mailing list archives
Re: Links < 2.1 security issue
From: "Steven M. Christey" <coley () linus mitre org>
Date: Sun, 27 Jul 2008 17:53:53 -0400 (EDT)
On Sun, 27 Jul 2008, Pierre-Yves Rofes wrote:
Anyone investigated this, or even has a clue on the potential impact? Not sure if a CVE can be assigned, since this is very (too?) vague...
We operate on the assumption that if a developer says it's a security issue, it's worth assigning a CVE for. But you wind up with uninformative descriptions like the one below :-/ - Steve ====================================================== Name: CVE-2008-3329 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329 Reference: CONFIRM:http://links.twibright.com/download/ChangeLog Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."
Current thread:
- Links < 2.1 security issue Pierre-Yves Rofes (Jul 27)
- Re: Links < 2.1 security issue Steven M. Christey (Jul 27)
- Re: Links < 2.1 security issue Nico Golde (Jul 28)
- Re: Links < 2.1 security issue Steven M. Christey (Jul 27)