oss-sec mailing list archives
Re: CVE Request: rssh command-line parsing vulnerability
From: Russ Allbery <rra () stanford edu>
Date: Fri, 10 Aug 2012 22:12:22 -0700
Kurt Seifried <kseifried () redhat com> writes:
Not sure why I didn't get this a CVE earlier, please use CVE-2012-3478 for this issue. Red Hat reference: https://bugzilla.redhat.com/show_bug.cgi?id=820414
Thanks! I'm happy to share the patches that I have for the Debian package if Red Hat would also like to use them. They're somewhat different than upstream (or, rather, I had to layer additional patches on top of upstream) because Debian adds support for the new rsync protocol flags and for svnserve as a supported program, which required changes to the patch. -- Russ Allbery (rra () stanford edu) <http://www.eyrie.org/~eagle/>
Current thread:
- CVE Request: rssh command-line parsing vulnerability Russ Allbery (Aug 10)
- Re: CVE Request: rssh command-line parsing vulnerability Kurt Seifried (Aug 10)
- Re: CVE Request: rssh command-line parsing vulnerability Russ Allbery (Aug 10)
- Re: CVE Request: rssh command-line parsing vulnerability Kurt Seifried (Aug 10)