[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / D
From: Matthias Gerstner <mgerstner () suse ! de>
Date: 2020-01-27 9:43:58
Message-ID: 20200127094358.GA11637 () f195 ! suse ! de
[Download RAW message or body]
> I've informed the upstream maintainer about this issue on 2019-11-13 and
> discussed various aspects of a suitable security fix with him. No
> agreement on a suitable publication date for this finding or a final
> patch could be achieved and I did not hear back for around a month by
> now.
I've been informed by a third party that an upstream release sarg-2.4.0
[1] containing a fix [2] is now available.
[1]: https://sourceforge.net/projects/sarg/files/sarg/sarg-2.4.0/
[2]: https://sourceforge.net/p/sarg/code/ci/8ec6d20be8c0da3c885aba78e63251f2e5080748
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic