'Re: [oss-security] CVE request: skunkweb world-readable logdir'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: skunkweb world-readable logdir
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-02-25 21:00:22
Message-ID: 512BD0E6.9030800 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/24/2013 11:45 AM, Agostino Sarubbo wrote:
> skunkweb, a robust Python web application server, produces a
> world-readable log.
> 
> # ls -la /var/log/skunkweb/sw.log -rw-r--r-- 1 skunkweb skunkweb
> 4529 Feb 24 19:41 /var/log/skunkweb/sw.log
> 
> The development seems dead. Upstream site:
> http://skunkweb.sourceforge.net/
> 

This is not maintained/used much, not assigning a CVE for now.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRK9DmAAoJEBYNRVNeJnmTOo0P/RjyKdNoYacl23sSapKWCumQ
i0TwRj0A9q2jcJJ4xKiKrMmfqhL7OAZuvyWz1Pm3KuzQdxhZ3Sne1rRy4501Bp+4
TkREQOv50SByHEdozarM3Z5Nos5ysknW4yJIJtCHCFatAxPt0Ksizd+LLeQf7ic7
wSOOzFJPxkRORlTU118+iO+CwWUokuPGxPLiYBFTNtWYCRb+GUH+CdsP+qq64dHa
aWhFouUaCvl+M4uwkSwEAzhe1d4L7BpiRmffJVZKW+ELRkcEyXh1lq848Y8qhBOX
st59h+SJ9NIXrsvO6CSFcHmM2Xk1+sqGLBIZybWUJmn740HVlrE1UdruGE3XUlG1
q3oDBLkUuMb9G0OnsnQjxBzgFRIAemOa7Muv2Lpa7O9PNKJAzcare1Kh+tKfqFrM
QocRESKgXmssg+I+bo8/qOTRNTvnFO2mvogZVqunqFgVOQto3xxq0f8xCVbQh20+
FASnNx59qcEnmPSrxCKfU/Q2WbiF0A48Oobm+8W1zs/6duiqaX0twswSYcmFMcOE
HWonorW8JqMQ6dRbjahcOI9Xo6Gr25yFQN511XcUvukz6kX1SdERo4fMPVup6YKZ
kouTdcyjSNGgHCnCJZ71/ywaSsos3oTdPC6IaWEevC9vzPrwyevN+4cKoFOOSiT2
XwMMxurOOpzoFEAfMxx2
=as7y
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic