Bug#873259: According to Redhat advisory this is not actually a security problem

Ola Lundqvist ola at inguza.com
Fri Sep 8 19:27:08 UTC 2017


I have not been able to confirm this statement, as I do not have access to
the Bugzilla entries, but the Redhat advisory claims that in order to exploit
this you actually need to create crafted NDB DBM files which is very likely
to be a problem in practice. Typically you need write access for the user
running the service and then there are easier ways to cause problems than
this. This means that this is really a minor security problem if any. It
would however be good if someone could confirm the statement from Redhat.

I have marked the issue as no-dsa for wheezy, but if someone has
information that proves Redhat to be wrong then we should change that.

Best regards

// Ola

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Folkebogatan 26            \
|  opal at debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /