[Frugalware-darcs] homepage-ng: FSA206-mutt-devel

voroskoi voroskoi at frugalware.org
Fri Jun 8 10:00:07 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070608075213-dd049-aea9f6fb4cc18554b04109076c04dfd6160eaa02.gz;

[FSA206-mutt-devel
voroskoi <voroskoi at frugalware.org>**20070608075213] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>206</id>
+		<date>2007-06-08</date>
+		<author>voroskoi</author>
+		<package>mutt-devel</package>
+		<vulnerable>1.5.14-1</vulnerable>
+		<unaffected>1.5.14-2terminus1</unaffected>
+		<bts>http://bugs.frugalware.org/task/2139</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683</cve>
+		<desc>A vulnerability has been reported in mutt, which potentially can be exploited by malicious, local users to gain escalated privileges. Successful exploitation may allow execution of arbitrary code with another user's privileges, but requires that the malicious user has a specially crafted realname and exists in the target user's alias file.
+			Also fixes http://dev.mutt.org/trac/ticket/2846</desc>
+	</fsa>
}


More information about the Frugalware-darcs mailing list