Summary: | <media-sound/tunapie-2.1.16 Multiple vulnerabilities (CVE-2009-{1253,1254})
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Robert Buchholz (RETIRED) <rbu>
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | trivial
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://seclists.org/fulldisclosure/2009/Apr/0066.html
Whiteboard: | ~2 [noglsa]
Runtime testing required: | ---
Description
Robert Buchholz (RETIRED)
2009-04-07 23:43:50 UTC
Created attachment 187655
tunapie-CVE-2009-1253+1254.patch

Ubuntu bug: https://bugs.launchpad.net/bugs/314591

CVE-2009-1253 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1253):
James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.

CVE-2009-1254 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1254):
James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.

fixed in 2.1.16. Please bump.

(In reply to comment #4)
> fixed in 2.1.16. Please bump.
>

Thanks Robert

Bumped to 2.1.17 and removed old versions since there was no stable, please just close this if you agree that there is no need for glsa.

thanks, closing with no GLSA since it's ~arch.