Re: [SECURITY] [DSA 2324-1] wireshark security update
On Thu, Oct 20, 2011 at 09:45:59PM +0200, Moritz Muehlenhoff wrote:
> Package : wireshark
> Vulnerability : programming error
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2011-3360
>
> The Microsoft Vulnerability Research group discovered that insecure
> load path handling could lead to execution of arbitrary Lua script code.
How comes that Microsoft invests money in auditing open-source
software?
(A non-unrelated question: did they also send somebody down with
a hairdryer to hell?)
a.
Reply to: