Summary: | <net-p2p/mldonkey-3.0.0: arbitrary file disclosure vulnerability (CVE-2009-0753) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | net-p2p, spiralvoice |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://savannah.nongnu.org/bugs/?25667 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 261562 |
Description
Stefan Behte (RETIRED)
![]() ![]() Arches, please test and mark stable: =net-p2p/mldonkey-2.9.7 Target keywords : "amd64 hppa ppc x86" How exactly does 2.9.7 fix this bug? Also, it is not properly tracked in the Security product. The security bug is present in MLDonkey >= 2.8.4 to <= 2.9.7 and was fixed today in MLDonkey 3.0.0 =net-p2p/mldonkey-3.0.0 in the tree Arches: amd64 hppa ppc x86 Arches, please test and mark stable: =net-p2p/mldonkey-3.0.0 Target keywords : "amd64 hppa ppc x86" x86 stable Stable for HPPA. CVE-2009-0753 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0753): Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename. amd64 stable ppc done Ready for vote, I vote YES. YES, request filed. GLSA 200903-36 |