Hello,
I just recoded xcfa-5.x.x with the gtk3 library and I also corrected the
bugs: Bug#756600
http://bugs.debian.org/756600
The latest xcfa version is available here:
http://download.tuxfamily.org/xcfaudio/xcfa_download/src/
Thank you for your patience.
Claude
On 31/07/2014
This bug report has now resulted in two CVE identifiers,
as discussed here:
http://www.openwall.com/lists/oss-security/2014/08/15/4
CVE-2014-5254 - For all symlink issues.
CVE-2014-5255 - For code execution via the temporary shell script issue.
Steve
--
http://www.steve.org.uk/
Hello,
On Thu, Jul 31, 2014 at 10:00 AM, Steve Kemp wrote:
>
> Package: xcfa
> Version: 4.3.1-1
> Severity: important
> Tags: security
>
> xcfa contains several insecure uses of temporary files.
Thank you Steve for the great work.
Claude, can you please have a look at this bug? It sounds pretty
Package: xcfa
Version: 4.3.1-1
Severity: important
Tags: security
xcfa contains several insecure uses of temporary files.
For example the file src/get_info.c has code to test that
curl is present, in the function GetInfo_wget which
essentially runs:
wget --user-agent=\"Mozilla 22.0\" --