Package: cmus
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cmus.

CVE-2008-5375[0]:
| cmus-status-display in cmus 2.2.0 allows local users to overwrite
| arbitrary files via a symlink attack on the /tmp/cmus-status temporary
| file.

debug.c also does something in /tmp, so one would need to check that as
well.

Since the program is not executed with root rights, this could be fixed
for stable via stable-proposed-updates.
It would also be nice to fix this bug for lenny.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5375
    http://security-tracker.debian.net/tracker/CVE-2008-5375
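
An added illustration, not part of the original report and not cmus code: one way a program can open a fixed-name status file in a shared directory without following a planted symlink. The helper name `open_status_file`, the demo function, and the scratch directory are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, mkdtemp */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a status file for appending; -1 if refused. */
int open_status_file(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: fail (ELOOP on Linux) if the last component is a symlink. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Inspect the opened object, not the name: it must be a regular file
     * owned by us with a single link (rules out hard links to other files). */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo in a private scratch directory: returns 1 if a planted
 * symlink is refused, its target stays empty, and a fresh file is accepted. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/status-demo.XXXXXX", victim[64], status[64];
    struct stat st;
    int fd, ok;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(status, sizeof status, "%s/cmus-status", dir);
    close(open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600));
    ok = symlink(victim, status) == 0;
    fd = open_status_file(status);             /* symlink: must be refused */
    ok = ok && fd < 0 && errno == ELOOP;
    if (fd >= 0) close(fd);
    ok = ok && stat(victim, &st) == 0 && st.st_size == 0;
    unlink(status);                            /* remove the planted link */
    fd = open_status_file(status);             /* now creates a real file */
    ok = ok && fd >= 0 && write(fd, "playing\n", 8) == 8;
    if (fd >= 0) close(fd);
    unlink(status); unlink(victim); rmdir(dir);
    return ok;
}
```

Because the file is opened without `O_TRUNC`, nothing is modified before the `fstat()` checks run. Keeping the status file in a directory only the user can write to removes the shared-/tmp exposure altogether.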


