[Slirp] [PATCH v3] slirp: tftp: restrict relative path access

P J P ppandit at redhat.com
Mon Jan 20 07:40:31 UTC 2020


+-- On Fri, 17 Jan 2020, Peter Maydell wrote --+
| That's because it's been marked "private" as a security bug (so you need lp 
| admin privileges to see it). Unfortunately LP has no mechanism for a project 
| to say "we don't take security bug reports through LP, disable private bug 
| reports", so there are a handful of them lurking in the system unseen 
| (because nobody checks there), of which this tftp bug was one. I just copied 
| the text out of the bug report and forwarded it to the security email list, 
| but have otherwise no relationship with it.

Was it reported by Reno Robert, he also found similar VirtualBox issue?
  -> https://www.voidsecurity.in/2019/01/virtualbox-tftp-server-pxe-boot.html

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D



More information about the Slirp mailing list