Re: [SECURITY] [DSA 2324-1] wireshark security update

To: debian-curiosa@lists.debian.org
Subject: Re: [SECURITY] [DSA 2324-1] wireshark security update
From: Lionel Elie Mamane <lionel@mamane.lu>
Date: Mon, 24 Oct 2011 11:43:56 +0200
Message-id: <20111024094356.GD7825@capsaicin.mamane.lu>
In-reply-to: <20111021073819.GA1862@tonelli.sns.it>
References: <20111020194559.GA5551@pisco.westfalen.local> <20111021073819.GA1862@tonelli.sns.it>

On Fri, Oct 21, 2011 at 09:38:19AM +0200, A Mennucc wrote:
> On Thu, Oct 20, 2011 at 09:45:59PM +0200, Moritz Muehlenhoff wrote:
>> Package        : wireshark

>> The Microsoft Vulnerability Research group discovered that insecure
>> load path handling could lead to execution of arbitrary Lua script code.

> How comes that Microsoft invests money in auditing open-source
> software?

Because they (would like to) use it, find it a valuable tool, but
would like to avoid it being an attack vector into their network?

Your guess is as good as mine.

-- 
Lionel

Reply to:

References:
- Re: [SECURITY] [DSA 2324-1] wireshark security update
  - From: A Mennucc <debdev@tonelli.sns.it>

Prev by Date: Re: [SECURITY] [DSA 2324-1] wireshark security update
Next by Date: Re: Bug#646804: ITP: cheermeup -- Send affirmative messages to the user via the notification library
Previous by thread: Re: [SECURITY] [DSA 2324-1] wireshark security update
Next by thread: Re: Bug#646804: ITP: cheermeup -- Send affirmative messages to the user via the notification library
Index(es):
- Date
- Thread