Re: [SECURITY] [DSA 2324-1] wireshark security update

To: debian-curiosa@lists.debian.org
Subject: Re: [SECURITY] [DSA 2324-1] wireshark security update
From: Giovanni Mascellani <gio@debian.org>
Date: Fri, 21 Oct 2011 14:07:07 +0200
Message-id: <4EA1606B.4010408@debian.org>
In-reply-to: <20111021073819.GA1862@tonelli.sns.it>
References: <20111020194559.GA5551@pisco.westfalen.local> <20111021073819.GA1862@tonelli.sns.it>

On 21/10/2011 09:38, A Mennucc wrote:
> On Thu, Oct 20, 2011 at 09:45:59PM +0200, Moritz Muehlenhoff wrote:
>> Package        : wireshark
>> Vulnerability  : programming error
>> Problem type   : remote
>> Debian-specific: no
>> CVE ID         : CVE-2011-3360 
>>
>> The Microsoft Vulnerability Research group discovered that insecure
>> load path handling could lead to execution of arbitrary Lua script code.
> 
> How comes that Microsoft invests money in auditing open-source 
> software?

Just to say that they found (thus there are) more vulnerabilities in
FLOSS software than in their proprietary products...

:-P

Gio.
-- 
Giovanni Mascellani <mascellani@poisson.phc.unipi.it>
Pisa, Italy

Web: http://poisson.phc.unipi.it/~mascellani
Jabber: g.mascellani@jabber.org / giovanni@elabor.homelinux.org

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Re: [SECURITY] [DSA 2324-1] wireshark security update
  - From: A Mennucc <debdev@tonelli.sns.it>

Prev by Date: Re: [SECURITY] [DSA 2324-1] wireshark security update
Next by Date: Re: [SECURITY] [DSA 2324-1] wireshark security update
Previous by thread: Re: [SECURITY] [DSA 2324-1] wireshark security update
Next by thread: Re: [SECURITY] [DSA 2324-1] wireshark security update
Index(es):
- Date
- Thread