On Sat, Feb 11, 2012 at 01:25:18PM +0100, Jakub Wilk wrote:
> * Henri Salo <he...@nerv.fi>, 2012-02-11, 14:11:
> >>$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
> >>drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
> >>drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/
> >>drwxr-xr-x 2 user users 4096 Feb 9 23:29 /home/user/.local/share/uzbl/
> >>-rw-rw-rw- 1 user users 732 Feb 9 23:29
> >>/home/user/.local/share/uzbl/cookies.txt
> >>
> >>This allows local users to steal cookies (and tamper with them).
> >
> >Does this security-issue have CVE-identifier? I can request one
> >from oss-security mailing list if ID hasn't been assigned.
>
> It's been already requested, but not assigned yet AFAICS:
> http://seclists.org/oss-sec/2012/q1/406
>
> --
> Jakub Wilk
Ok. Thank you for fast reply. Please contact me if you need testing or other
help.
- Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
