![]() |
|
Message-ID: <1296619942.3497.18.camel@localhost> Date: Tue, 01 Feb 2011 23:12:22 -0500 From: Marc Deslauriers <marc.deslauriers@...onical.com> To: oss-security@...ts.openwall.com Subject: CVE request: fuse Hello, A few more fixes have made their way to FUSE to prevent TOCTTOU symlink attacks. An unprivileged user was able to unmount arbitrary mounts: http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873 http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47 Could we please get one or more CVE numbers for them? Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.