[Slirp] [PATCH v3] slirp: tftp: restrict relative path access
P J P
ppandit at redhat.com
Mon Jan 20 07:40:31 UTC 2020
+-- On Fri, 17 Jan 2020, Peter Maydell wrote --+
| That's because it's been marked "private" as a security bug (so you need lp
| admin privileges to see it). Unfortunately LP has no mechanism for a project
| to say "we don't take security bug reports through LP, disable private bug
| reports", so there are a handful of them lurking in the system unseen
| (because nobody checks there), of which this tftp bug was one. I just copied
| the text out of the bug report and forwarded it to the security email list,
| but have otherwise no relationship with it.
Was it reported by Reno Robert, he also found similar VirtualBox issue?
-> https://www.voidsecurity.in/2019/01/virtualbox-tftp-server-pxe-boot.html
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
More information about the Slirp
mailing list