oss-sec mailing list archives
Re: CVE request: surf
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 09 Feb 2012 22:43:52 -0700
On 02/09/2012 05:24 PM, Florian Weimer wrote:
surf does not protect its cookie jar against access read access from other local users, as reported by Jakub Wilk in this Debian bug: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659296> Could someone please assign a CVE for this?
So for surf suckless (http://surf.suckless.org/) please use CVE-2012-0842
uzbl <http://uzbl.org/> (in the uzbl-browser wrapper script) and netsurf <http://www.netsurf-browser.org/> (the nsgtk_check_homedir function creates the dot directory with world-readable settings) have a similar issue, but are from different code bases. I think those should get distinct CVEs, too.
I'll need advisories or code commits, or links to the vuln code to assign CVE's (I need more information). Thanks! -- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- CVE request: surf Florian Weimer (Feb 09)
- Re: CVE request: surf Kurt Seifried (Feb 09)
- Re: CVE request: surf Florian Weimer (Feb 10)
- RE: CVE request: surf Daniel Suarez (Feb 10)
- Re: CVE request: surf Kurt Seifried (Feb 11)
- Re: CVE request: surf Florian Weimer (Feb 10)
- Re: CVE request: surf Kurt Seifried (Feb 09)