Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 21 Nov 2011 09:11:13 -0700
From: Kurt Seifried <>
Subject: Re: CVE Request (minor) -- gnash -- Unsafe management
 of HTTP cookies

On Mon, Nov 21, 2011 at 4:37 AM, Jan Lieskovsky <> wrote:
> Hello Kurt, Steve, vendors,
>  a security flaw was found in the way Shockwave Flash plug-in of the
> gnash, a GNU flash movie player, performed management of HTTP cookies
> (they were stored under /tmp directory with predictable name and world-
> readable permissions). A local attacker could use this flaw to obtain
> sensitive information.
> References:
> [1]
> [2]
> Could you allocate a CVE id for this?
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2011-4328 for this issue.

Kurt Seifried

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.