[pkg-fgfs-crew] Bug#873439: flightgear: CVE-2017-13709: Incorrect access control

Salvatore Bonaccorso carnil at debian.org
Sun Aug 27 18:10:45 UTC 2017

Source: flightgear
Version: 1:2017.2.1+dfsg-3
Severity: grave
Tags: upstream security


the following vulnerability was published for flightgear.

| In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger
| subsystem allows one to overwrite any file via a resource that affects
| the contents of the global Property Tree.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13709
[1] http://www.openwall.com/lists/oss-security/2017/08/27/1

Please adjust the affected versions in the BTS as needed.


More information about the pkg-fgfs-crew mailing list