Please merge cmus 2.2.0-1.1 (multiverse) from Debian unstable (main).
Bug #312215 reported by
Alessio Treglia
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cmus (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: cmus
Please merge cmus 2.2.0-1.1 (multiverse) from Debian unstable (main).
Changelog since current jaunty version 2.2.0-1ubuntu1:
cmus (2.2.0-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Modify example script cmus-status-display to write the current
status to .cmus-status in the user's home instead of /tmp/cmus-status,
since the latter could lead to symlink attacks. CVE-2008-5375
(Closes: #509277)
-- Moritz Muehlenhoff <email address hidden> Sun, 28 Dec 2008 14:57:06 +0100
Related branches
CVE References
To post a comment you must log in.
This bug was fixed in the package cmus - 2.2.0-1.1ubuntu1
---------------
cmus (2.2.0-1.1ubuntu1) jaunty; urgency=low
* Merge from debian unstable (LP: #312215), Ubuntu remaining changes:
- ffmpeg.c: use correct headers location to fix FTBFS with recent ffmpeg
snapshots (LP: #311007).
cmus (2.2.0-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Modify example script cmus-status-display to write the current
status to .cmus-status in the user's home instead of /tmp/cmus-status,
since the latter could lead to symlink attacks. CVE-2008-5375
(Closes: #509277)
-- Alessio Treglia <email address hidden> Mon, 29 Dec 2008 17:36:47 +0100