oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: older fuseiso stuff

From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 27 Mar 2016 13:34:43 +0200
Hi,

On Mon, Feb 23, 2015 at 10:24:14AM +0100, Florian Weimer wrote:

On 02/07/2015 12:17 AM, Kurt Seifried wrote:

https://bugzilla.redhat.com/show_bug.cgi?id=863102 
https://bugzilla.redhat.com/show_bug.cgi?id=863091

may warrant a CVE


I opened up the dependent bugs which have more information:

https://bugzilla.redhat.com/show_bug.cgi?id=861358
https://bugzilla.redhat.com/show_bug.cgi?id=862211

Note that fuseiso is fairly broken and does not even support UDF, so
its usefulness is limited.  Newer systems have the unprivileged image
mounting functionality provided by udisks2, so a userspace
implementation of the ISO 9660 and UDF file systems is no longer needed.


Can two CVEs still be assigned for this issue to have an identifier
for the issues?

Regards,
Salvatore
Previous By Date Next
Previous By Thread Next

Current thread: