Moritz Muehlenhoff wrote:
> Martin Schulze wrote:
> > > > Due to a bug in the environment variable substitution code it is
> > > > possible to inject environment variables such as LD_PRELOAD and gain a
> > > > root shell.
> > >
> > > Confirmed.
> > >
> > > Joey we'll need an ID for it.
> >
> > Please use CVE-2005-3344 and inform vendor-sec.
> ^^^^^^^^^^^^^
>
> You already used this for the insecure default configuration in horde3
> (DSA-884).
Stupid me. I must have been distracted somehow. Please use CVE-2005-3346
instead.
Moritz, thanks a lot for paying attention!
Regards,
Joey
--
Life is too short to run proprietary software. -- Bdale Garbee
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
