From 5e943299ac5ead6f5d514ffb888b5a82f96041d7 Mon Sep 17 00:00:00 2001 From: feld Date: Wed, 12 Aug 2015 19:32:26 +0000 Subject: Document py-foolscap vulnerability --- security/vuxml/vuln.xml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index cb570f606069..a439aecd8209 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,38 @@ Notes: --> + + py-foolscap -- local file inclusion + + + py27-foolscap + py32-foolscap + py33-foolscap + py34-foolscap + 0.7.0 + + + + +

Brian Warner reports:

+
+

The "flappserver" feature was found to have a vulnerability in the + service-lookup code which, when combined with an attacker who has the ability + to write files to a location where the flappserver process could read them, + would allow that attacker to obtain control of the flappserver process.

+
+ +
+ + https://github.com/warner/foolscap/blob/a17218e18e01c05a9655863cd507b80561692c14/NEWS + http://foolscap.lothar.com/trac/ticket/226 + + + 2014-09-23 + 2015-08-12 + +
+ libvpx -- out-of-bounds write -- cgit
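Review bot: the topic line "py-foolscap -- local file inclusion" understates the impact given in the quoted description, where an attacker who can write files to a location the flappserver process can read is able to "obtain control of the flappserver process". Consider a topic that names that outcome, since the topic is what users see first when an audit flags the package. The affected range lists py27-, py32-, py33- and py34-foolscap against the single version 0.7.0; it is worth confirming against the referenced NEWS file that 0.7.0 is the first fixed release and that the bound excludes it. The discovery date 2014-09-23 is almost a year before the entry date 2015-08-12, so the commit message could say why the entry is being added now.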