Date: Sun, 6 Mar 2011 15:26:06 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request -- logrotate -- nine issues Pavel, On Sun, Mar 06, 2011 at 04:19:04PM +0700, Pavel Labushev wrote: > 06.03.2011 02:21, Solar Designer пишет: > > >> At least in Gentoo there are packages > >> (ebuilds and eclasses) that create user/group-writable directories in > >> /var/log and enable logrotate to handle the log files there. > > > > Is this something you can get fixed? > > I hope it will be fixed soon. Would be nice to have CVEs assigned for these > issues anyway, just to make people aware. If even package maintainers got it > wrong, I bet there's a legion of users who also did. For this to happen, you need to post info on the specific issues and request CVEs for them. Will you do this, please? (Perhaps start a new thread, or even a thread per package - that's up to you.) Thanks! Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ