* Henri Salo <he...@nerv.fi>, 2012-02-11, 14:11:
$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/
drwxr-xr-x 2 user users 4096 Feb 9 23:29 /home/user/.local/share/uzbl/
-rw-rw-rw- 1 user users 732 Feb 9 23:29
/home/user/.local/share/uzbl/cookies.txt
This allows local users to steal cookies (and tamper with them).
Does this security-issue have CVE-identifier? I can request one from
oss-security mailing list if ID hasn't been assigned.
It's been already requested, but not assigned yet AFAICS:
http://seclists.org/oss-sec/2012/q1/406
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
