oss-sec mailing list archives
RE: CVE request: surf
From: Daniel Suarez <daniel () sefisasecure com>
Date: Fri, 10 Feb 2012 22:21:53 +0000
-----Original Message-----
From: Florian Weimer [mailto:fw () deneb enyo de]
Sent: Friday, 10 February 2012 16:11
To: oss-security () lists openwall com
Subject: Re: [oss-security] CVE request: surf

* Kurt Seifried:

> On 02/09/2012 05:24 PM, Florian Weimer wrote:
>> surf does not protect its cookie jar against read access from other local users, as reported by Jakub Wilk in this Debian bug:
>>
>> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659296>
>>
>> Could someone please assign a CVE for this?
>
> So for surf suckless (http://surf.suckless.org/) please use CVE-2012-0842

Oops. I mistook this for the HTTP client library. Your reference is correct, and it appears I consistently wrote "surf" (the correct spelling).

>> uzbl <http://uzbl.org/> (in the uzbl-browser wrapper script) and netsurf <http://www.netsurf-browser.org/> (the nsgtk_check_homedir function creates the dot directory with world-readable settings) have a similar issue, but are from different code bases. I think those should get distinct CVEs, too.
>
> I'll need advisories or code commits, or links to the vuln code to assign CVEs (I need more information). Thanks!

Jakub has filed bugs:

uzbl: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659379
netsurf: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659376
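
The remedy for the class of issue reported in this thread (a cookie jar or dot directory readable by other local users), as an added example that is not code from surf, uzbl or netsurf: create the directory as 0700 and the jar as 0600, tighten ones already on disk, and check the result. The function names and the command-line paths are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if group/others have any access to path, 0 if owner-only, -1 on error. */
int exposed_to_others(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) != 0;
}

/* Create the dot directory as 0700, or tighten one that already exists. */
int private_dir(const char *path) {
    struct stat st;
    int rc = -1;
    if (mkdir(path, 0700) != 0 && errno != EEXIST) return -1;
    /* Work on a descriptor so a swapped-in symlink cannot redirect fchmod. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && st.st_uid == geteuid())
        rc = fchmod(fd, 0700);
    close(fd);
    return rc;
}

/* Open the cookie jar 0600; a jar left 0644 by an older build is tightened. */
int open_private_file(const char *path) {
    struct stat st;
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || fchmod(fd, 0600) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Usage (paths are caller-chosen): ./jar <dot-directory> <cookie-file> */
int main(int argc, char **argv) {
    if (argc != 3 || private_dir(argv[1]) != 0) return EXIT_FAILURE;
    int fd = open_private_file(argv[2]);
    if (fd < 0) return EXIT_FAILURE;
    close(fd);
    printf("dir exposed: %d, jar exposed: %d\n",
           exposed_to_others(argv[1]), exposed_to_others(argv[2]));
    return EXIT_SUCCESS;
}
```

Passing explicit modes to `mkdir` and `open` matters because the process umask can only remove permission bits, so a 0700/0600 request never yields group or other access regardless of the user's umask.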