Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=122683c0b96d7d1488b32c59d6ace170b87f19d4

commit 122683c0b96d7d1488b32c59d6ace170b87f19d4
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Tue Mar 30 00:02:04 2010 +0200

FSA646-pulseaudio

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 3480151..b115c7f 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,18 @@

<fsas>
<fsa>
+               <id>646</id>
+               <date>2010-03-30</date>
+               <author>Miklos Vajna</author>
+               <package>pulseaudio</package>
+               <vulnerable>0.9.21-2</vulnerable>
+               <unaffected>0.9.21-3locris1</unaffected>
+               <bts>http://bugs.frugalware.org/task/4130</bts>
+               
<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1299</cve>
+               <desc>This fixes a security issue, which can be exploited by 
malicious, local users to perform certain actions with escalated privileges.
+                       The security issue is caused due to the application 
performing chown() and chmod() calls without checking for symbolic links in 
existing directories. This can be exploited to e.g. change permissions and 
ownership of arbitrary files via symlink attacks.</desc>
+       </fsa>
+       <fsa>
<id>645</id>
<date>2010-03-28</date>
<author>Miklos Vajna</author>
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to