Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=eadf84f76806e7f9c185754614fc86ce3961674e
commit eadf84f76806e7f9c185754614fc86ce3961674e Author: kikadf <[email protected]> Date: Thu Aug 28 17:49:47 2014 +0200 Add FSA for cups diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 390e8b1..e633d1e 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -39,6 +39,21 @@ <fsas> <fsa> + <id>888</id> + <date>2014-08-28</date> + <author>kikadf</author> + <package>cups</package> + <vulnerable>1.6.1-3arcturus3</vulnerable> + <unaffected>1.6.1-3arcturus4</unaffected> + <bts></bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031</cve> + <desc>The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. + CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. + The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.</desc> + </fsa> + <fsa> <id>887</id> <date>2014-08-28</date> <author>kikadf</author> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
