6 matches found
DLA-564-1 tardiff - security update
Bulletin has no description...
[SECURITY] [DLA 564-1] tardiff security update
Package : tardiff Version : 0.1-1+deb7u1 CVE ID : CVE-2015-0857 CVE-2015-0858 Two vulnerabilities were found in tardiff: CVE-2015-0857 Arbitrary command execution was possible via shell metacharacters in the name of a 1 tar file or 2 file within a tar file. CVE-2015-0858 Local users could write t...
CVE-2015-0858
Summary: CVE-2015-0858 affects tardiff (Cool Projects). The vulnerability is a local symlink attack on a pathname under /tmp/tardiff-$$, allowing local users to write to arbitrary files. Debian security advisory DLA-564-1 fixes this in tardiff version 0.1-1+deb7u1 for Debian 7 (Wheezy). CVSS data...
Debian DSA-3562-1 : tardiff - security update
Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell...
[SECURITY] [DSA 3562-1] tardiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3562-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3562-1] tardiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3562-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2016 https://www.debian.org/security/faq -...