Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 6 Mar 2011 15:26:06 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- logrotate -- nine issues

Pavel,

On Sun, Mar 06, 2011 at 04:19:04PM +0700, Pavel Labushev wrote:
> 06.03.2011 02:21, Solar Designer пишет:
> 
> >> At least in Gentoo there are packages
> >> (ebuilds and eclasses) that create user/group-writable directories in
> >> /var/log and enable logrotate to handle the log files there.
> > 
> > Is this something you can get fixed?
> 
> I hope it will be fixed soon. Would be nice to have CVEs assigned for these
> issues anyway, just to make people aware. If even package maintainers got it
> wrong, I bet there's a legion of users who also did.

For this to happen, you need to post info on the specific issues and
request CVEs for them.  Will you do this, please?  (Perhaps start a new
thread, or even a thread per package - that's up to you.)

Thanks!

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.