CVE-2009-4193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4193): Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.
No stable ebuild, so it's just ~3.
0.14 is not even in the tree yet. leaving open and block the 0.14 bump request. more links: https://bugzilla.redhat.com/show_bug.cgi?id=544284 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548546 http://trac.openstreetmap.org/ticket/2320
Still valid for versions >0.14 ? There is another bump request for 0.16.1 #311127
It's seems fixed (reported fixed in bugzilla and my test show that too)
hallo, someone alive?
0.17.2 is in main tree. No older versions around. This bug is thus not present in main tree. Feel free to close this.
(In reply to comment #6) > 0.17.2 is in main tree. No older versions around. This bug is thus not present > in main tree. Feel free to close this. Great, thanks. Closing noglsa for ~arch only package.