Re: [SECURITY] [DSA 2324-1] wireshark security update

To: debian-curiosa@lists.debian.org
Subject: Re: [SECURITY] [DSA 2324-1] wireshark security update
From: A Mennucc <debdev@tonelli.sns.it>
Date: Fri, 21 Oct 2011 09:38:19 +0200
Message-id: <20111021073819.GA1862@tonelli.sns.it>
Reply-to: mennucc1@debian.org
In-reply-to: <20111020194559.GA5551@pisco.westfalen.local>
References: <20111020194559.GA5551@pisco.westfalen.local>

On Thu, Oct 20, 2011 at 09:45:59PM +0200, Moritz Muehlenhoff wrote:
> Package        : wireshark
> Vulnerability  : programming error
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2011-3360 
> 
> The Microsoft Vulnerability Research group discovered that insecure
> load path handling could lead to execution of arbitrary Lua script code.

How comes that Microsoft invests money in auditing open-source 
software?

(A non-unrelated question: did they also send somebody down with
a hairdryer to hell?)

a.

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2324-1] wireshark security update
  - From: Giovanni Mascellani <gio@debian.org>
- Re: [SECURITY] [DSA 2324-1] wireshark security update
  - From: Lionel Elie Mamane <lionel@mamane.lu>

Prev by Date: Re: Bug#645895: ftp.debian.org: epoch should be part of the .deb file name
Next by Date: Re: [SECURITY] [DSA 2324-1] wireshark security update
Previous by thread: Re: Bug#645895: ftp.debian.org: epoch should be part of the .deb file name
Next by thread: Re: [SECURITY] [DSA 2324-1] wireshark security update
Index(es):
- Date
- Thread