Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=4818fdb9e07eefce8584a089546c369b1d76d5ba
commit 4818fdb9e07eefce8584a089546c369b1d76d5ba Author: Miklos Vajna <[EMAIL PROTECTED]> Date: Tue Aug 26 16:22:34 2008 +0200 FSA512-amarok diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 20aec8f..12e7a17 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,17 @@ <fsas> <fsa> + <id>512</id> + <date>2008-08-26</date> + <package>amarok</package> + <vulnerable>1.4.8-2</vulnerable> + <unaffected>1.4.10-1kalgan1</unaffected> + <bts>http://bugs.frugalware.org/task/3312</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699</cve> + <desc>A security issue has been reported in Amarok, which can be exploited by malicious, local users to perform certain actions with escalated privileges. + The security issue is caused due to the "MagnatuneBrowser::listDownloadComplete()" function handling temporary files in an insecure manner. This can be exploited via symlink attacks in combination with a race condition to overwrite arbitrary files with the privileges of the user running the application.</desc> + </fsa> + <fsa> <id>511</id> <date>2008-08-26</date> <package>pdns</package> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git