Bug#921133: CVE-2018-17613

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#921133: CVE-2018-17613

Moritz Muehlenhoff
Package: telegram-desktop
Severity: important
Tags: security

This got assigned CVE-2018-17613:
https://seclists.org/oss-sec/2018/q3/280

Not sure if this is fixed in the version in sid/buster?

Cheers,
        Moritz

Reply | Threaded
Open this post in threaded view
|

Bug#921133: CVE-2018-17613

Alexander Gerasiov-3
On Sat, 02 Feb 2019 00:53:59 +0100
Moritz Muehlenhoff <[hidden email]> wrote:

> Package: telegram-desktop
> Severity: important
> Tags: security
>
> This got assigned CVE-2018-17613:
> https://seclists.org/oss-sec/2018/q3/280
>

This CVE looks really strange:

Using client you can add SOCKS5 proxy with login and password, then
press "share proxy" and this proxy will be shared _with credentials_.

But it's supposed to work in this way.

I suggest to close the bugreport as invalid.


--
Best regards,
 Alexander Gerasiov

 Contacts:
 e-mail: [hidden email]  WWW: http://gerasiov.net  TG/Skype: gerasiov
 PGP fingerprint: 04B5 9D90 DF7C C2AB CD49  BAEA CA87 E9E8 2AAC 33F1