[pkg-fgfs-crew] Bug#862689: flightgear: CVE-2017-8921
carnil at debian.org
Mon May 15 20:05:59 UTC 2017
Tags: upstream patch security
Control: found -1 3.0.0-5
The following vulnerability was published for flightgear.
| In FlightGear before 2017.2.1, the FGCommand interface allows
| overwriting any file the user has write access to, but not with
| arbitrary data: only with the contents of a FlightGear flightplan
| (XML). A resource such as a malicious third-party aircraft could
| exploit this to damage files belonging to the user. Both this issue and
| CVE-2016-9956 are directory traversal vulnerabilities in
| Autopilot/route_mgr.cxx - this one exists because of an incomplete fix
| for CVE-2016-9956.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see: