oss-sec mailing list archives

Re: CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files

From: <cve-assign () mitre org>
Date: Thu, 15 Dec 2016 12:46:09 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

https://bugs.debian.org/848114
https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/

+ SGPath authorizedPath = fgValidatePath(path, true /* write */);


Use CVE-2016-9956.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYUtTdAAoJEHb/MwWLVhi2FvQQALOQ9koKeFNAWXn9+FVyNjUP
GZkG+4gC5q/33B1IY4UIF08TQuXGz2diPgORmkS2jRKPWz0LBQvgI0UhPUJZR48v
MjtR6x2kvHDb2JtXMBhmySZTvwez9MJ8XosoXsmemAY1m8BgmffxgI8xExXjPpph
B08bDQAB8tspqiONLaGT+fWyeObid0LnZg0TPxif3pdkW8k2ZpfQog7AtV/ShMqK
o9aGvozIOG4nRXbHORhJroS6RfBbiblblMDt6mD1U9MWi6EXOamvG2tvEeSqWwda
wCuoocCPWifL+ythFF73emldNTl8E84z3PjEvPIb3wW5QTnc2v8j58J2Nga5A/AJ
PCOVkB2cUa2gHsUpLZ6ahr8bjPV41FErgP0r7c72Pk0O1o+eieMKg5nzW56941h7
0c6ilhNHLN1uYXeelfLzM1Y3XqH4RdyDE24tAOP+b/kw8aEOj3WWpwWI1kPeooaD
vJ70dXWn5sRWiUVknptQAV8v71o/C8Ah0rE6ArnP4i7uF6LTBc85fv+ye3xP8y9e
iA5Q6HwkT/aJfW0jFPhCNg84wgxn+n13pyEppQ5ojjPJtzbaMHsI1AN294Y/FYYM
//cDvlr14sPIht1DXa94/gFBY1Sebkg3mk3AIYvVEEvCcq7Vmyo1htOeyraH0Kdc
ihaXPExomG2PvjS3JIjV
=JSzX
-----END PGP SIGNATURE-----

Current thread:

CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files Salvatore Bonaccorso (Dec 14)
- Re: CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files cve-assign (Dec 15)
- <Possible follow-ups>
- Re: CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files Florent Rougon (Dec 16)