May 2017 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1037050] New: VUL-0: CVE-2017-8400: swftools: out-of-bound write of heap data issue can occur in function png_load()(lib/png.c:755)
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1037050 Bug ID: 1037050 Summary: VUL-0: CVE-2017-8400: swftools: out-of-bound write of heap data issue can occur in function png_load()(lib/png.c:755) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: mikhail.kasimov(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 723320 --> http://bugzilla.opensuse.org/attachment.cgi?id=723320&action=edit CVE-2017-8400_PoC_and_analysis Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8400 ==================================================== Description In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution. Source: MITRE Last Modified: 05/01/2017 =================================================== Hyperlink [1] https://github.com/matthiaskramm/swftools/issues/13 [2] https://github.com/matthiaskramm/swftools/commit/7139f3cf7c8bc576bea1dbd07c… (open-)SUSE: https://software.opensuse.org/package/swftools 0.9.2 (TW, 42.{1,2}, official repo) -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1037048] New: VUL-0: CVE-2017-8399: pcre2: stack-based buffer overflow in pcre2_match.c (elated to a "pattern with very many captures.")
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1037048 Bug ID: 1037048 Summary: VUL-0: CVE-2017-8399: pcre2: stack-based buffer overflow in pcre2_match.c (elated to a "pattern with very many captures.") Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: mikhail.kasimov(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8399 =================================================== Description PCRE2 before 2017-03-10 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." Source: MITRE Last Modified: 05/01/2017 =================================================== Hyperlink [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783 [2] https://vcs.pcre.org/pcre2?view=revision&revision=674 (open-)SUSE: https://software.opensuse.org/package/pcre2 10.23 (TW, official repo) 10.22 (42.{1,2}, official repo) -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1035601] System will freeze when watching video randomly
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.suse.com/show_bug.cgi?id=1035601 http://bugzilla.suse.com/show_bug.cgi?id=1035601#c30 Borislav Petkov <bpetkov(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |NORESPONSE --- Comment #30 from Borislav Petkov <bpetkov(a)suse.com> --- Sorry to hear that. But ok, let me know if you change your mind. Closing for now. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 993477] New: openSUSE:Factory/hg-git fails to build
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=993477 Bug ID: 993477 Summary: openSUSE:Factory/hg-git fails to build Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: dimstar(a)opensuse.org QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- The package openSUSE:Factory/hg-git has been failing to build for ~ 3 months already. [ 180s] # Test test-help.t [ 180s] # Running sh "/tmp/hgtests.gEXuvQ/child36/test-help.t.sh" [ 181s] # Ret was: False [ 181s] warning: Tested with unexpected mercurial lib: /usr/lib/python2.7/site-packages/mercurial [ 181s] (expected /usr/bin/mercurial) [ 181s] [ 181s] Warned test-extra.t: output changed [ 181s] Warned test-subrepos.t: output changed [ 181s] Warned test-incoming.t: output changed [ 181s] # Ran 37 tests, 0 skipped, 3 warned, 0 failed. [ 181s] # Cleaning up HGTMP /tmp/hgtests.gEXuvQ [ 181s] error: Bad exit status from /var/tmp/rpm-tmp.uZ6Fn3 (%check) Without a fix submitted by August 25, this package will be removed from Tumbleweed -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1035601] System will freeze when watching video randomly
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.suse.com/show_bug.cgi?id=1035601 miko sabor <mixalhs194858(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|mixalhs194858(a)gmail.com | -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1035601] System will freeze when watching video randomly
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.suse.com/show_bug.cgi?id=1035601 http://bugzilla.suse.com/show_bug.cgi?id=1035601#c29 miko sabor <mixalhs194858(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED Flags|needinfo?(mixalhs194858@gma | |il.com) | --- Comment #29 from miko sabor <mixalhs194858(a)gmail.com> --- Forgive me but i can not continue with this.It is getting to complicate for me!Thank you for the help until now ! -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1036439] New: Ardour: undefined symbol: lilv_file_uri_parse
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1036439 Bug ID: 1036439 Summary: Ardour: undefined symbol: lilv_file_uri_parse Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: 3rd party software Assignee: ecsos(a)schirra.net Reporter: kailed(a)kailed.net QA Contact: opensuse-communityscreening(a)forge.provo.novell.com Found By: --- Blocker: --- HI, Ardour crashed with this error: /usr/lib64/ardour5/ardour-5.8.0: symbol lookup error: /usr/lib64/ardour5/ardour-5.8.0: undefined symbol: lilv_file_uri_parse It happens when I try to load ZynSubAddFX plugin in the Mixer window. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1037008] New: VUL-1: CVE-2016-10349: libarchive: bsdtar: heap-based buffer overflow read
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1037008 Bug ID: 1037008 Summary: VUL-1: CVE-2016-10349: libarchive: bsdtar: heap-based buffer overflow read Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: mikhail.kasimov(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 723280 --> http://bugzilla.opensuse.org/attachment.cgi?id=723280&action=edit CVE-2016-10349_reproducer Ref: https://blogs.gentoo.org/ago/2017/05/01/libarchive-two-heap-based-buffer-ov… ====================================================== Description: libarchive is a multi-format archive and compression library. In the 2016 I reported two heap-based buffer over-read to libarchive. They appear to have already been fixed in the trunk when I reported them; here are the details: # bsdtar -t -f $FILE ================================================================= ==27838==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61500000ff05 at pc 0x7fad7b060778 bp 0x7ffe35698a10 sp 0x7ffe35698a08 READ of size 1 at 0x61500000ff05 thread T0 #0 0x7fad7b060777 in archive_le32dec /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_endian.h:122:20 #1 0x7fad7b060777 in cab_read_header /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read_support_format_cab.c:669 #2 0x7fad7b060777 in archive_read_format_cab_read_header /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read_support_format_cab.c:903 #3 0x7fad7affa45b in _archive_read_next_header2 /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read.c:649:7 #4 0x7fad7affa100 in _archive_read_next_header /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read.c:687:8 #5 0x514c89 in read_archive /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/read.c:261:7 #6 0x51416b in tar_mode_t /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/read.c:94:2 #7 0x50f1a8 in main /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/bsdtar.c:803:3 #8 0x7fad7a08d61f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.22-r4/work/glibc-2.22/csu/libc-start.c:289 #9 0x41c168 in _init (/usr/bin/bsdtar+0x41c168) 0x61500000ff05 is located 5 bytes to the right of 512-byte region [0x61500000fd00,0x61500000ff00) allocated by thread T0 here: #0 0x4d4f28 in malloc /tmp/portage/sys-devel/llvm-3.9.0-r1/work/llvm-3.9.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64 #1 0x7fad7aff5854 in __archive_read_filter_ahead /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read.c:1436:17 #2 0x7fad7b0db8cd in archive_read_format_tar_bid /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read_support_format_tar.c:310:6 #3 0x7fad7afef670 in choose_format /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read.c:712:10 #4 0x7fad7afef670 in archive_read_open1 /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read.c:529 #5 0x7fad7b0162e1 in archive_read_open_filenames /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read_open_filename.c:152:10 #6 0x7fad7b015e8b in archive_read_open_filename /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read_open_filename.c:109:9 #7 0x5149eb in read_archive /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/read.c:223:6 #8 0x51416b in tar_mode_t /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/read.c:94:2 #9 0x50f1a8 in main /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/bsdtar.c:803:3 #10 0x7fad7a08d61f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.22-r4/work/glibc-2.22/csu/libc-start.c:289 SUMMARY: AddressSanitizer: heap-buffer-overflow /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_endian.h:122:20 in archive_le32dec Shadow bytes around the buggy address: 0x0c2a7fff9f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fff9fa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2a7fff9fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2a7fff9fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2a7fff9fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c2a7fff9fe0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fff9ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fffa000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fffa010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fffa020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fffa030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==27838==ABORTING Affected version: 3.2.2 Fixed version: 3.3.0 Commit fix: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00105-libarchive-heapoverflow-a… CVE: CVE-2016-10349 ====================================================== [1] https://security-tracker.debian.org/tracker/CVE-2016-10349 [2] https://github.com/libarchive/libarchive/issues/834 -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1037009] New: VUL-1: CVE-2016-10350: libarchive: bsdtar: heap-based buffer overflow read (in archive_read_format_cab_read_header)
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1037009 Bug ID: 1037009 Summary: VUL-1: CVE-2016-10350: libarchive: bsdtar: heap-based buffer overflow read (in archive_read_format_cab_read_header) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: mikhail.kasimov(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 723281 --> http://bugzilla.opensuse.org/attachment.cgi?id=723281&action=edit CVE-2016-10350_reproducer Ref: https://blogs.gentoo.org/ago/2017/05/01/libarchive-two-heap-based-buffer-ov… ============================================================== Description: libarchive is a multi-format archive and compression library. In the 2016 I reported two heap-based buffer over-read to libarchive. They appear to have already been fixed in the trunk when I reported them; here are the details: # bsdtar -t -f $FILE ==21129==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61500000ff00 at pc 0x7fa070bd7827 bp 0x7fffb7183a30 sp 0x7fffb7183a28 READ of size 1 at 0x61500000ff00 thread T0 #0 0x7fa070bd7826 in archive_read_format_cab_read_header /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read_support_format_cab.c:903:9 #1 0x7fa070b7145b in _archive_read_next_header2 /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read.c:649:7 #2 0x7fa070b71100 in _archive_read_next_header /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read.c:687:8 #3 0x514c89 in read_archive /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/read.c:261:7 #4 0x51416b in tar_mode_t /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/read.c:94:2 #5 0x50f1a8 in main /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/bsdtar.c:803:3 #6 0x7fa06fc0461f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.22-r4/work/glibc-2.22/csu/libc-start.c:289 #7 0x41c168 in _init (/usr/bin/bsdtar+0x41c168) 0x61500000ff00 is located 0 bytes to the right of 512-byte region [0x61500000fd00,0x61500000ff00) allocated by thread T0 here: #0 0x4d4f28 in malloc /tmp/portage/sys-devel/llvm-3.9.0-r1/work/llvm-3.9.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64 #1 0x7fa070b6c854 in __archive_read_filter_ahead /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read.c:1436:17 #2 0x7fa070c528cd in archive_read_format_tar_bid /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read_support_format_tar.c:310:6 #3 0x7fa070b66670 in choose_format /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read.c:712:10 #4 0x7fa070b66670 in archive_read_open1 /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read.c:529 #5 0x7fa070b8d2e1 in archive_read_open_filenames /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read_open_filename.c:152:10 #6 0x7fa070b8ce8b in archive_read_open_filename /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read_open_filename.c:109:9 #7 0x5149eb in read_archive /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/read.c:223:6 #8 0x51416b in tar_mode_t /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/read.c:94:2 #9 0x50f1a8 in main /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/tar/bsdtar.c:803:3 #10 0x7fa06fc0461f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.22-r4/work/glibc-2.22/csu/libc-start.c:289 SUMMARY: AddressSanitizer: heap-buffer-overflow /tmp/portage/app-arch/libarchive-3.2.2/work/libarchive-3.2.2/libarchive/archive_read_support_format_cab.c:903:9 in archive_read_format_cab_read_header Shadow bytes around the buggy address: 0x0c2a7fff9f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fff9fa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2a7fff9fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2a7fff9fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2a7fff9fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c2a7fff9fe0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fff9ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fffa000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fffa010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fffa020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fffa030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==21129==ABORTING Affected version: 3.2.2 Fixed version: 3.3.0 Commit fix: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00106-libarchive-heapoverflow-a… CVE: CVE-2016-10350 Credit: These bugs were discovered by Agostino Sarubbo of Gentoo. Timeline: 2016-12-06: bugs discovered and reported to upstream 2017-05-01: blog post about the issue 2017-05-01: CVE assigned Note: This bug was found with American Fuzzy Lop. Permalink: libarchive: two heap-based buffer overflow read ============================================================== [1] https://security-tracker.debian.org/tracker/CVE-2016-10350 [2] https://github.com/libarchive/libarchive/issues/835 (open-)SUSE: https://software.opensuse.org/package/bsdtar 3.3.1 (TW, official repo) 3.1.2 (42.{1,2}, official repo) -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1037007] New: VUL-1: CVE-2016-10351: telegram-desktop: insecure permission of $HOME/.TelegramDesktop directory
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1037007 Bug ID: 1037007 Summary: VUL-1: CVE-2016-10351: telegram-desktop: insecure permission of $HOME/.TelegramDesktop directory Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: mikhail.kasimov(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Ref: https://blogs.gentoo.org/ago/2017/05/01/telegram-desktop-insecure-permissio… =================================================== Description: Telegram-desktop is the official desktop client for Telegram. During the navigation of my filesystem I found the .TelegramDesktop with 755 permission: drwxr-xr-x 4 ago ago 4096 nov 23 14:30 .TelegramDesktop Affected version: At least from 0.10.19 to 1.0.29 Fixed version: N/A Commit fix: N/A Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: CVE-2016-10351 Timeline: 2016-11-23: bug discovered and reported to upstream 2017-05-01: blog post about the issue 2017-05-01: CVE assigned Permalink: telegram-desktop: insecure permission of $HOME/.TelegramDesktop directory =================================================== (open-)SUSE: https://software.opensuse.org/package/telegram-desktop 1.0.24 (TW, server:messaging repo) 1.0.14 (42.2, server:messaging repo) 0.9.56 (42.1, server:messaging repo) -- You are receiving this mail because: You are on the CC list for the bug.

1 1