[Secure-testing-team] Bug#873439: flightgear: CVE-2017-13709: Incorrect access control
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 27 18:10:45 UTC 2017
Source: flightgear
Version: 1:2017.2.1+dfsg-3
Severity: grave
Tags: upstream security
Hi,
the following vulnerability was published for flightgear.
CVE-2017-13709[0]:
| In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger
| subsystem allows one to overwrite any file via a resource that affects
| the contents of the global Property Tree.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-13709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13709
[1] http://www.openwall.com/lists/oss-security/2017/08/27/1
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list