MXit PRPL user-supplied file paths
Mark Doliner
mark at kingant.net
Wed Jan 9 03:17:51 EST 2013
On Sun, Jan 6, 2013 at 1:35 PM, Ethan Blanton <elb at pidgin.im> wrote:
> I believe we need a CVE and embargo even if all of this is generated
> by the MXit servers. Why should MXit users trust the MXit servers
> implicitly? This is a vulnerability.
Ok, I'll request a CVE for these two MXit issues a bit later. I think
the policy is for just one CVE for the two issues, since they have a
similar root cause. And I'll apply my patch when the time comes for
us to do the patch release.
I need to read through a few other recent security emails before
putting together the release and talking to packagers, but I'll try
not to drag my feet too long :-/