Bug#659379: uzbl: world-readable (and writable!) cookie jar

2012-07-08 Thread Jonathan Wiltshire
Dear maintainer, Recently you fixed one or more security problems and as a result you closed this bug. These problems were not serious enough for a Debian Security Advisory, so they are now on my radar for fixing in the following suites through point releases: squeeze (6.0.6) - use target "stable

Bug#659379: uzbl: world-readable (and writable!) cookie jar

2012-02-11 Thread Jakub Wilk
* Luca BRUNO , 2012-02-11, 15:33: +try: + # make sure the cookie jar is not world-open + perm_mode = os.stat(self.filename).st_mode + if (perm_mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH)) > 0: + os.chmod(self.filename, (stat.S_IMODE(perm_mod
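
Review bot: the test perm_mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH) covers only the "other" bits, so a cookie jar that is group-readable or group-writable passes through unchanged. The listing in this thread shows -rw-rw-rw-, which has the group bits set as well. Suggest masking with stat.S_IRWXG | stat.S_IRWXO and clearing both so the file ends at 0600. This is also a repair after the fact: the jar keeps whatever mode it was created with until this code runs, so the code path that creates the file should set a restrictive mode too. The os.chmod argument is cut off in this excerpt, so the mode it actually applies cannot be checked from here.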

Processed: Re: Bug#659379: uzbl: world-readable (and writable!) cookie jar

2012-02-11 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:
> forwarded 659379
> http://www.uzbl.org/bugs/index.php?do=details&task_id=291&project=1
Bug #659379 [uzbl] uzbl: world-readable (and writable!) cookie jar
Set Bug forwarded-to-address to 'http://www.uzbl.org/bugs/index.php?do=details&task_id=291&

Bug#659379: uzbl: world-readable (and writable!) cookie jar

2012-02-11 Thread Luca BRUNO
forwarded 659379 http://www.uzbl.org/bugs/index.php?do=details&task_id=291&project=1
thanks

Henri Salo wrote:
> > >>This allows local users to steal cookies (and tamper with them).
> > >
> > >Does this security-issue have CVE-identifier? I can request one
> > >from oss-security mailing list if

Bug#659379: [Secure-testing-team] Bug#659379: uzbl: world-readable (and writable!) cookie jar

2012-02-11 Thread Henri Salo
On Fri, Feb 10, 2012 at 05:09:13PM +0100, Jakub Wilk wrote:
> Package: uzbl
> Version: 0.0.0~git.20100403-3
> Severity: grave
> Tags: security
> Justification: user security hole
>
> $ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
> drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
>

Bug#659379: uzbl: world-readable (and writable!) cookie jar

2012-02-11 Thread Henri Salo
On Sat, Feb 11, 2012 at 01:25:18PM +0100, Jakub Wilk wrote:
> * Henri Salo , 2012-02-11, 14:11:
> >>$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
> >>drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
> >>drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/
> >>drwxr-xr-

Bug#659379: uzbl: world-readable (and writable!) cookie jar

2012-02-11 Thread Jakub Wilk
* Henri Salo , 2012-02-11, 14:11:
$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/
drwxr-xr-x 2 user users 4096 Feb 9 23:29 /home/user/.local/share/uzbl/
-rw-rw-rw- 1

Bug#659379: uzbl: world-readable (and writable!) cookie jar

2012-02-10 Thread Jakub Wilk
Package: uzbl
Version: 0.0.0~git.20100403-3
Severity: grave
Tags: security
Justification: user security hole

$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/
drwxr-xr-x