Accepted: wml, wml, wml, wml, wml 2.0.8-11ubuntu0.6.10 (source, amd64, i386, powerpc, sparc)
Ubuntu Installer
archive at ubuntu.com
Fri Mar 14 20:56:06 GMT 2008
Accepted:
OK: wml_2.0.8.orig.tar.gz
OK: wml_2.0.8-11ubuntu0.6.10.diff.gz
OK: wml_2.0.8-11ubuntu0.6.10.dsc
-> Component: universe Section: web
OK: wml_2.0.8-11ubuntu0.6.10_amd64.deb
OK: wml_2.0.8-11ubuntu0.6.10_i386.deb
OK: wml_2.0.8-11ubuntu0.6.10_powerpc.deb
OK: wml_2.0.8-11ubuntu0.6.10_sparc.deb
Format: 1.7
Date: Mon, 10 Mar 2008 17:49:38 +0100
Source: wml
Binary: wml
Architecture: amd64 i386 powerpc source sparc
Version: 2.0.8-11ubuntu0.6.10
Distribution: edgy-security
Urgency: low
Maintainer: Denis Barbier <barbier at debian.org>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
wml - off-line HTML generation toolkit
Changes:
wml (2.0.8-11ubuntu0.6.10) edgy-security; urgency=low
.
* SECURITY UPDATE: (LP: #191205)
.
+ wml_backend/p1_ipp/ipp.src (CVE-2008-0665)
- in Website META Language (WML) 2.0.11 allows local
users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp
temporary file.
+ wlm_backend/p3_eperl/eperl_sys.c wml_contrib/wmg.cgi (CVE-2008-0666)
- Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary
files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by
wml_contrib/wmg.cgi and (2) temporary files used by
wml_backend/p3_eperl/eperl_sys.c.
.
* References
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0665
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0666
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907
Files:
dd90a3f4abd197fa871284e29fd35d00 528574 web optional wml_2.0.8-11ubuntu0.6.10_amd64.deb
5704f5a397026660a03fd5a8066de3bf 527640 web optional wml_2.0.8-11ubuntu0.6.10_i386.deb
312433579b56e8c3b873737ed15a3623 529568 web optional wml_2.0.8-11ubuntu0.6.10_powerpc.deb
20052528cfff835ea9af2ae1d0b7c790 604 web optional wml_2.0.8-11ubuntu0.6.10.dsc
9e8b0402c5e641c6851c8a4e4193c2d5 26520 web optional wml_2.0.8-11ubuntu0.6.10.diff.gz
498858a27952738f83f69d5f192a14bf 527860 web optional wml_2.0.8-11ubuntu0.6.10_sparc.deb
More information about the edgy-changes
mailing list