Source: accountsservice
Version: 0.6.43-1
Severity: important
Tags: patch security upstream
Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=107085
Control: found -1 0.6.45-1

Hi,

The following vulnerability was published for accountsservice.

CVE-2018-14036[0]:
| Directory Traversal with ../ sequences occurs in AccountsService before
| 0.6.50 because of an insufficient path check in
| user_change_icon_file_authorized_cb() in user.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-14036
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14036
[1] https://bugs.freedesktop.org/show_bug.cgi?id=107085
[2] http://www.openwall.com/lists/oss-security/2018/07/02/2
[3] https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
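An illustration of the bug class the CVE text names, added here and not taken from the report or from AccountsService's user.c: a string-prefix check accepts a path that contains `../`, while the same check applied after lexical normalization rejects it. `ICON_DIR`, the function names and the sample paths are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed placeholder, not the project's real icon directory. */
#define ICON_DIR "/srv/example/icons"

/* Weak check: plain string prefix; "../" after the prefix still passes. */
bool naive_in_icon_dir(const char *path) {
    return strncmp(path, ICON_DIR "/", strlen(ICON_DIR) + 1) == 0;
}

/* Lexically resolve "." and ".." in an absolute path.
 * Returns false for relative paths or when the result does not fit. */
bool normalize(const char *path, char *out, size_t outsz) {
    size_t len = 0;
    if (path[0] != '/' || outsz < 2) return false;
    while (*path) {
        while (*path == '/') path++;            /* skip separators */
        size_t n = strcspn(path, "/");          /* length of next component */
        if (n == 0) break;
        if (n == 2 && path[0] == '.' && path[1] == '.') {
            while (len > 0 && out[--len] != '/') {}   /* drop last component */
        } else if (!(n == 1 && path[0] == '.')) {
            if (len + n + 2 > outsz) return false;
            out[len++] = '/';
            memcpy(out + len, path, n);
            len += n;
        }
        path += n;
    }
    if (len == 0) out[len++] = '/';             /* everything collapsed to root */
    out[len] = '\0';
    return true;
}

/* Hardened check: normalize first, then apply the prefix test. */
bool strict_in_icon_dir(const char *path) {
    char buf[4096];
    return normalize(path, buf, sizeof buf) && naive_in_icon_dir(buf);
}

int main(void) {
    const char *s[] = { ICON_DIR "/alice.png",            /* constructed inputs */
                        ICON_DIR "/../../../etc/hostname" };
    for (int i = 0; i < 2; i++)
        printf("%s naive=%d strict=%d\n", s[i], naive_in_icon_dir(s[i]), strict_in_icon_dir(s[i]));
    return 0;
}
```

Lexical normalization does not resolve symlinks; a service that goes on to open the file should also compare the resolved real path (for example from `realpath()`).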

