Hi, On Sat, Jan 24, 2015 at 10:50:11AM +0100, Salvatore Bonaccorso wrote: > Control: retitle -1 patch: directory traversal via file rename > > Hi Jonathan, > > On Thu, Jan 22, 2015 at 09:56:20PM +0000, Jonathan Wiltshire wrote: > > On Thu, Jan 22, 2015 at 09:49:39PM +0000, Jonathan Wiltshire wrote: > > > This issue was assigned CVE-2015-1196. If you upload fixed packages, > > > please > > > include the CVE identifier in the changelog. > > > > Seems the previous fix was incomplete, if I understand the traffic > > correctly. > > I think this needs a new CVE. CVE-2015-1196 was assigned for the > following: > > [1] https://bugs.debian.org/775227 > [2] https://security-tracker.debian.org/tracker/CVE-2015-1196 > > and the directory traversal via file rename does not seem to have a > CVE yet? (retitling back this subject just to avoid confusion).
I have requested a CVE for this one at http://www.openwall.com/lists/oss-security/2015/01/24/2 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
