[CVE-2005-4790] tomboy has an untrusted search path
Bug #162520 reported by
Stephan Rügamer
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tomboy (Ubuntu) |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
| Dapper |
Fix Released
|
Low
|
Unassigned | ||
| Edgy |
Fix Released
|
Low
|
Unassigned | ||
| Feisty |
Fix Released
|
Low
|
Unassigned | ||
| Gutsy |
Fix Released
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: tomboy
Dear Colleagues,
tomboy has some untrusted search paths.
CVE says:
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.
PLease find attached debdiffs for all supported releases.
Regards,
\sh
CVE References
Revision history for this message
| Stephan Rügamer (sruegamer) wrote | #1 |
Revision history for this message
| Stephan Rügamer (sruegamer) wrote | #2 |
Revision history for this message
| Stephan Rügamer (sruegamer) wrote | #3 |
Revision history for this message
| Stephan Rügamer (sruegamer) wrote | #4 |
| Changed in tomboy: | |
| assignee: | nobody → shermann |
| status: | New → In Progress |
| Changed in tomboy: | |
| importance: | Undecided → Low |
| status: | New → In Progress |
| importance: | Undecided → Low |
| status: | New → In Progress |
| importance: | Undecided → Low |
| status: | New → In Progress |
| importance: | Undecided → Low |
| status: | New → In Progress |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #5 |
| Changed in tomboy: | |
| status: | In Progress → Fix Released |
| status: | In Progress → Fix Released |
| status: | In Progress → Fix Released |
| status: | In Progress → Fix Released |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #6 |
| Changed in tomboy: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
http://