
Jakub Wilk

[SECURITY] [DSA 2435-1] gnash security update

  write permissions for, and are also world-readable which may cause
  information leak.

CVE-2010-4337

  Jakub Wilk discovered an unsafe management of temporary files during the
  build process. Files are stored under /tmp and have predictable names,
  a vulnerability that allows a local attacker to overwrite arbitrary files
  the user has write permissions for.

For the stable distribution (squeeze), this problem has been fixed in

[SECURITY] [DSA 1902-1] New elinks packages fix arbitrary code execution

Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-7224
Debian Bug     : 380347

Jakub Wilk discovered an off-by-one buffer overflow in the charset 
handling of elinks, a feature-rich text-mode WWW browser, which might
lead to the execution of arbitrary code if the user is tricked into
opening a malformed HTML page.

For the old stable distribution (etch), this problem has been fixed in

[SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal

Vulnerability  : directory traversal
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2010-1679

Jakub Wilk discovered that the dpkg-source component of dpkg, the Debian
package management system, doesn't correctly handle paths in patches of
source packages, which could make it traverse directories.
Raphaël Hertzog additionally discovered that symbolic links in the .pc
directory are followed, which could make it traverse directories too.


[USN-1038-1] dpkg vulnerability

In general, a standard system update will make all the necessary changes.

Details follow:

Jakub Wilk and Raphaël Hertzog discovered that dpkg-source did not
correctly handle certain paths and symlinks when unpacking source-format
version 3.0 packages. If a user or an automated system were tricked into
unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial
of service or potentially gaining access to the system.

[ GLSA 200807-09 ] Mercurial: Directory traversal

  1  dev-util/mercurial     < 1.0.1-r2                     >= 1.0.1-r2

Description
===========

Jakub Wilk discovered a directory traversal vulnerability in the
applydiff() function in the mercurial/patch.py file.

Impact
======


[USN-851-1] Elinks vulnerabilities

processing smb:// URLs. If a user were tricked into viewing a malicious
website and had smbclient installed, a remote attacker could execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2006-5925)

Jakub Wilk discovered a logic error in Elinks, leading to a buffer
overflow. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-7224)



