danfruehauf / NetworkManager-ssh

SSH VPN integration for NetworkManager

Remove extra options #98

Closed danfruehauf closed 4 years ago

danfruehauf commented 4 years ago

After analyzing some privilege escalation possibilities, it was decided it is best to remove extra options.

danfruehauf commented 4 years ago

I understand some people are going to be very unhappy with it. However, I hope to add -L and -R options.

See also: https://bugzilla.redhat.com/show_bug.cgi?id=1803499

danfruehauf commented 4 years ago

@lhw This should be urgently deployed. I'll tag it as 1.2.11

carnil commented 4 years ago

@danfruehauf can you please request a CVE as needed for the privilege escalation flaw via https://cveform.mitre.org/ ?

kobus-v-schoor commented 4 years ago

@carnil I've requested a CVE ID and will post it here once I've heard back from them.

carnil commented 4 years ago

@kobus-v-schoor was there any news on the CVE assignment?

carnil commented 4 years ago

@danfruehauf https://bugzilla.redhat.com/show_bug.cgi?id=1803499 is not publicly accessible, possible to open that up? This might be blocking the CVE assignment from MITRE if they have not enough context.

carnil commented 4 years ago

CVE-2020-9355 was assigned for this issue.

purpleidea commented 4 years ago

Darn. I can't -D anymore. Is there some way to add this? :(

12345ieee commented 3 years ago

The PR removed the extra options, but left in the README section and the image, giving the false impression this is still supported.

On the same topic, I'd really like to have -L back, would you be open to merging a very restricted input field that just allows the user to append valid -L blocks?
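
An added example, not part of the thread or the project's code, of the kind of allowlist check a restricted -L field like the one requested above would need: it accepts only `[bind_address:]port:host:hostport` and rejects anything that could carry a further option. The function name `valid_local_forward` is hypothetical, the sample inputs are constructed, and the accepted grammar is deliberately narrower than ssh's own (no IPv6 brackets, no Unix sockets, no empty bind address).

```c
#include <ctype.h>
#include <stdio.h>

/* Port field: decimal digits only, value 1..65535. */
static int is_port(const char *s, size_t n)
{
    long v = 0;
    if (n == 0 || n > 5) return 0;
    for (size_t i = 0; i < n; i++) {
        if (!isdigit((unsigned char)s[i])) return 0;
        v = v * 10 + (s[i] - '0');
    }
    return v >= 1 && v <= 65535;
}

/* Host field: letters, digits, '.', '-'; first char alphanumeric, so never "-x". */
static int is_host(const char *s, size_t n)
{
    if (n == 0 || n > 253 || !isalnum((unsigned char)s[0])) return 0;
    for (size_t i = 1; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '.' && s[i] != '-') return 0;
    return 1;
}

/* Hypothetical helper: 1 only for [bind_address:]port:host:hostport, else 0. */
int valid_local_forward(const char *spec)
{
    const char *f[4], *start = spec;
    size_t len[4]; int n = 0;
    if (!spec) return 0;
    for (const char *p = spec; ; p++) {
        if (*p != ':' && *p != '\0') continue;
        if (n == 4) return 0;              /* more than four fields */
        f[n] = start; len[n] = (size_t)(p - start); n++;
        if (*p == '\0') break;
        start = p + 1;
    }
    if (n < 3) return 0;
    int i = (n == 4);                      /* 1 when a bind address is present */
    if (i && !is_host(f[0], len[0])) return 0;
    return is_port(f[i], len[i]) && is_host(f[i + 1], len[i + 1]) && is_port(f[i + 2], len[i + 2]);
}

int main(void)
{
    const char *s[] = { "8080:localhost:80", "8080:localhost:80 -D 1080" }; /* constructed */
    for (int k = 0; k < 2; k++) printf("%d %s\n", valid_local_forward(s[k]), s[k]);
    return 0;
}
```

A value that passes would still have to be handed to ssh as its own argv element after a fixed `-L`, never spliced into a command string.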