'Re: [oss-security] CVE request for Thunar (format string errors)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request for Thunar (format string errors)
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-04-18 20:17:21
Message-ID: 2051246205.43355.1303157841659.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

----- Original Message -----
> > >
> > http://git.xfce.org/xfce/thunar/commit/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa
> > > and is triggered when copy/pasting a file named from a format string.
> > > There's no released version including the fix right now.
> >
> > This would probably qualify.
> 
> Even if the user has to manually Ctrl-C/Ctrl-V the file in Thunar?
> Thanks.
> >

This sounds like it's worth a CVE id. It's likely that the various gcc
protections aren't used in all situations.

Use CVE-2011-1588

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic