oss-sec mailing list archives

possible CVE request: Tryton client input sanitization flaw


From: Murray McAllister <mmcallis () redhat com>
Date: Mon, 04 Nov 2013 21:43:25 +1100

Hello,

An input sanitization flaw was found in the Tryton client:

http://lists.debian.org/debian-security-announce/2013/msg00203.html
https://bugs.tryton.org/issue3446
http://hg.tryton.org/tryton/rev/357d0a4d9cb8

A malicious server could use this flaw to write to files accessible to the user running the Tryton client.

There is some discussion in issue3446 about why a CVE may not be needed (starting at msg14493), and msg14507 notes a CVE could have possibly been assigned via OpenBSD ... so I defer to the CVE experts.

Cheers,

--
Murray McAllister / Red Hat Security Response Team
