+wml (2.0.11-2ubuntu0.1) gutsy-security; urgency=low + + * debian/control + - updated maintainer field + * SECURITY UPDATE: (LP: #191205) + + wml_backend/p1_ipp/ipp.src (CVE-2008-0665) + - in Website META Language (WML) 2.0.11 allows local + users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp + temporary file. + + wlm_backend/p3_eperl/eperl_sys.c wml_contrib/wmg.cgi (CVE-2008-0666) + - Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary + files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by + wml_contrib/wmg.cgi and (2) temporary files used by + wml_backend/p3_eperl/eperl_sys.c. + * References + + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0665 + + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0666 + + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907 + + -- Emanuele Gentili <[EMAIL PROTECTED]> Mon, 10 Mar 2008 16:58:14 +0100
** Attachment added: "gutsy_wml_2.0.11-2ubuntu0.1.debdiff" http://launchpadlibrarian.net/12547127/gutsy_wml_2.0.11-2ubuntu0.1.debdiff ** Changed in: wml (Ubuntu Gutsy) Importance: Undecided => Low Assignee: (unassigned) => Emanuele Gentili (emgent) Status: New => In Progress -- [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files https://bugs.launchpad.net/bugs/191205 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
