oss-sec mailing list archives
Re: CVE request for Thunar (format string errors)
From: Josh Bressers <bressers () redhat com>
Date: Mon, 18 Apr 2011 16:17:21 -0400 (EDT)
----- Original Message -----
http://git.xfce.org/xfce/thunar/commit/?id=03dd312e157d4fa8a11d5fa402706ae5b05806faand is triggered when copy/pasting a file named from a format string. There's no released version including the fix right now.This would probably qualify.Even if the user has to manually Ctrl-C/Ctrl-V the file in Thunar? Thanks.
This sounds like it's worth a CVE id. It's likely that the various gcc
protections aren't used in all situations.
Use CVE-2011-1588
Thanks.
--
JB
Current thread:
- CVE request for Thunar (format string errors) Yves-Alexis Perez (Apr 15)
- Re: CVE request for Thunar (format string errors) Tomas Hoger (Apr 15)
- Re: CVE request for Thunar (format string errors) Yves-Alexis Perez (Apr 15)
- Re: CVE request for Thunar (format string errors) Josh Bressers (Apr 18)
- Re: CVE request for Thunar (format string errors) Yves-Alexis Perez (Apr 15)
- Re: CVE request for Thunar (format string errors) Tomas Hoger (Apr 15)