Hi Felipe,
* Felipe Sateler <[EMAIL PROTECTED]> [2008-04-15 23:01]:
[...]
> lib/prefs.tcl does, at line 185:
> catch {exec $csound >& /tmp/csvers}
> set f [open /tmp/csvers r]
Confirmed, requested CVE id.
Thanks!
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECT
Package: cecilia
Version: 2.0.5-2
Severity: grave
Tags: security
Justification: user security hole
lib/prefs.tcl does, at line 185:
catch {exec $csound >& /tmp/csvers}
set f [open /tmp/csvers r]
A malicious user could create /tmp/csvers as a symlink to another file,
and when cecil
2 matches
Mail list logo
