[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request for Thunar (format string errors)
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-04-18 20:17:21
Message-ID: 2051246205.43355.1303157841659.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- Original Message -----
> > >
> > http://git.xfce.org/xfce/thunar/commit/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa
> > > and is triggered when copy/pasting a file named from a format string.
> > > There's no released version including the fix right now.
> >
> > This would probably qualify.
>
> Even if the user has to manually Ctrl-C/Ctrl-V the file in Thunar?
> Thanks.
> >
This sounds like it's worth a CVE id. It's likely that the various gcc
protections aren't used in all situations.
Use CVE-2011-1588
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic