On Sat, Feb 11, 2012 at 01:25:18PM +0100, Jakub Wilk wrote: > * Henri Salo <he...@nerv.fi>, 2012-02-11, 14:11: > >>$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}} > >>drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/ > >>drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/ > >>drwxr-xr-x 2 user users 4096 Feb 9 23:29 /home/user/.local/share/uzbl/ > >>-rw-rw-rw- 1 user users 732 Feb 9 23:29 > >>/home/user/.local/share/uzbl/cookies.txt > >> > >>This allows local users to steal cookies (and tamper with them). > > > >Does this security-issue have CVE-identifier? I can request one > >from oss-security mailing list if ID hasn't been assigned. > > It's been already requested, but not assigned yet AFAICS: > http://seclists.org/oss-sec/2012/q1/406 > > -- > Jakub Wilk
Ok. Thank you for fast reply. Please contact me if you need testing or other help. - Henri Salo -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org