[pkg-fgfs-crew] Bug#862689: flightgear: CVE-2017-8921

Salvatore Bonaccorso carnil at debian.org
Mon May 15 20:05:59 UTC 2017

Source: flightgear
Version: 1:2016.4.4+dfsg-2
Severity: grave
Tags: upstream patch security
Control: found -1 3.0.0-5


the following vulnerability was published for flightgear.

| In FlightGear before 2017.2.1, the FGCommand interface allows
| overwriting any file the user has write access to, but not with
| arbitrary data: only with the contents of a FlightGear flightplan
| (XML). A resource such as a malicious third-party aircraft could
| exploit this to damage files belonging to the user. Both this issue and
| CVE-2016-9956 are directory traversal vulnerabilities in
| Autopilot/route_mgr.cxx - this one exists because of an incomplete fix
| for CVE-2016-9956.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8921


More information about the pkg-fgfs-crew mailing list