
List:       oss-security
Subject:    Re: [oss-security] CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / D
From:       Matthias Gerstner <mgerstner () suse ! de>
Date:       2020-01-27 9:43:58
Message-ID: 20200127094358.GA11637 () f195 ! suse ! de


> I've informed the upstream maintainer about this issue on 2019-11-13 and
> discussed various aspects of a suitable security fix with him. No
> agreement on a suitable publication date for this finding or a final
> patch could be achieved and I did not hear back for around a month by
> now.

I've been informed by a third party that an upstream release sarg-2.4.0
[1] containing a fix [2] is now available.

[1]: https://sourceforge.net/projects/sarg/files/sarg/sarg-2.4.0/
[2]: https://sourceforge.net/p/sarg/code/ci/8ec6d20be8c0da3c885aba78e63251f2e5080748

