[Pkg-privacy-maintainers] Bug#915859: Bug#915859: uses a fixed filename in /tmp
Ulrike Uhlig
ulrike at debian.org
Wed Dec 12 15:49:00 GMT 2018
Hi!
Salvatore Bonaccorso:
> So it will additionally allow potentially denial of service on
> multi-user systems.
>
> Not sure if the grave severity is warranted, though, will leave this
> discussion to you both :)
Ack, grave sounds a bit grave.
> For tracking the issue, I have requested a CVE from MITRE, which got
> assigned CVE-2018-19960.
Thank you.
I've asked upstream to fix it yesterday, and they did. So I'll upload a
newer version of onionshare a bit later this week (probably not today
though).
Cheers!
u.
More information about the Pkg-privacy-maintainers
mailing list