oss-sec mailing list archives

Re: CVE Request -- logrotate -- nine issues

From: Pavel Labushev <p.labushev () gmail com>
Date: Sun, 06 Mar 2011 16:19:04 +0700

06.03.2011 02:21, Solar Designer пишет:

At least in Gentoo there are packages
(ebuilds and eclasses) that create user/group-writable directories in
/var/log and enable logrotate to handle the log files there.


Is this something you can get fixed?


I hope it will be fixed soon. Would be nice to have CVEs assigned for these
issues anyway, just to make people aware. If even package maintainers got it
wrong, I bet there's a legion of users who also did.

Current thread:

Re: CVE Request -- logrotate -- nine issues, (continued)
- - - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 11)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 11)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 23)
  - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
    - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 06)
    - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
- Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 14)