[Slirp] [PATCH v3] slirp: tftp: restrict relative path access

P J P ppandit at redhat.com
Mon Jan 20 12:47:47 UTC 2020


+-- On Mon, 20 Jan 2020, Philippe Mathieu-Daudé wrote --+
| >> Was it reported by Reno Robert, he also found similar VirtualBox issue?
| >>    -> https://www.voidsecurity.in/2019/01/virtualbox-tftp-server-pxe-boot.html
| > 
| > Not directly; the reporter account is "jusunLee"
| > (https://launchpad.net/~asiagaming). On the other hand, that
| > LP user account was created on the 18th January just to
| > report that one bug on the 18th, which is the same date as
| > that voidsecurity blogpost, so it may have been somebody
| > who looked for the bug in QEMU's slirp based on the blogpost.
| 
| Prasad, Jusun Lee contact is listed on his github:
| https://github.com/vngkv123

Actually, Reno Robert (CC'd) reported it to us earlier on 12 Jan, probably when
he found the VirtualBox issue.

@Samuel: would it be possible to update the committed patch, or is a revised
one needed?

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

