2
Candidate: CVE-2007-4460
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4460
6
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3
7
allows local users to overwrite arbitrary files via a symlink attack on a
8
temporary file whose name is constructed from the name of a file being
12
kees> this is barely a security issue: attackers able to write to your
13
local working directory can do many other bad things to you too.
14
jdstrand> fixed in [DSA 1365-3]
17
dapper_id3lib3.8.3: ignored (reached end-of-life)
18
edgy_id3lib3.8.3: needed (reached end-of-life)
19
feisty_id3lib3.8.3: needed (reached end-of-life)
20
gutsy_id3lib3.8.3: released (3.8.3-7ubuntu1)
21
hardy_id3lib3.8.3: released (3.8.3-7ubuntu1)
22
intrepid_id3lib3.8.3: released (3.8.3-7ubuntu1)
23
jaunty_id3lib3.8.3: released (3.8.3-7ubuntu1)
24
devel_id3lib3.8.3: released (3.8.3-7ubuntu1)