[oss-security] CVE request - pidgin MSN arbitrary file upload
Paul Aurich
paul at darkrain42.org
Thu Jan 14 20:25:21 EST 2010
On Jan 14, 2010, at 14:14, Mark Doliner wrote:
> Just want to be clear I'm not missing anything... the specific bits of
> that pdf that Nico Golde is concerned about are:
> "3. Try to implement a standalone exploit for the
> file download vuln without copy/pasting from
> wireshark.
> 4. Whoever does NOT trip over a memory
> corruption bug in SLP-code wins."
>
> Right?
Yeah.
> Also curious: Has anyone contacted the author of that pdf to request
> that any future security problems be disclosed to us privately before
> being released publicly?
Yes, I said that when I requested more details about the issue (forthcoming).
> --Mark
~Paul
More information about the security
mailing list