Launchpad CVE tracker

CVE 2007-2030

lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

Related bugs and status

CVE-2007-2030 (Candidate) is related to these bugs:

Bug #138615: Please sync lha (multiverse) from Debian unstable (non-free)

Summary				In	Importance	Status
	138615	Please sync lha (multiverse) from Debian unstable (non-free)		lha (Ubuntu)	Wishlist	Fix Released

Bug #173210: lha is broken in gutsy amd64

Summary				In	Importance	Status
	173210	lha is broken in gutsy amd64		lha (Ubuntu)	Medium	Fix Released
	173210	lha is broken in gutsy amd64		lha (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
BID: 24336
SECUNIA: 25519
MANDRIVA: MDKSA-2007:117
OSVDB: 37049
XF: lha-lharc-symlink(34063)

Launchpad.net

CVE 2007-2030

Related bugs and status

Related bugs

References