Hello,
I just recoded xcfa-5.x.x with the gtk3 library and I also corrected the
bugs: Bug#756600
http://bugs.debian.org/756600
The latest xcfa version is available here:
http://download.tuxfamily.org/xcfaudio/xcfa_download/src/
Thank you for your patience.
Claude
This bug report has now resulted in two CVE identifiers,
as discussed here:
http://www.openwall.com/lists/oss-security/2014/08/15/4
CVE-2014-5254 - For all symlink issues.
CVE-2014-5255 - For code execution via the temporary shell script issue.
Steve
--
http://www.steve.org.uk/
Package: xcfa
Version: 4.3.1-1
Severity: important
Tags: security
xcfa contains several insecure uses of temporary files.
For example the file src/get_info.c has code to test that
curl is present, in the function GetInfo_wget which
essentially runs:
wget --user-agent=\Mozilla 22.0\
Hello,
On Thu, Jul 31, 2014 at 10:00 AM, Steve Kemp st...@steve.org.uk wrote:
Package: xcfa
Version: 4.3.1-1
Severity: important
Tags: security
xcfa contains several insecure uses of temporary files.
Thank you Steve for the great work.
Claude, can you please have a look at this bug? It