1
Candidate: CVE-2013-7301
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7301
5
https://code.google.com/p/cantata/issues/detail?id=356
7
Cantata before 1.2.2 does not restrict access to files in the play queue,
8
which allows remote attackers to obtain sensitive information by reading
9
the songs in the queue.
11
Automatically started HTTP server listens on all interfaces and will serve
12
any file that the user running the HTTP server has access to, including e.g.
15
sbeattie> according to debian bug report, 1.1.3 package does not start
16
httpd server by default
18
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736154
24
upstream_cantata: pending (1.2.2)
28
raring_cantata: ignored (reached end-of-life)
29
saucy_cantata: ignored (reached end-of-life)
30
trusty_cantata: not-affected (1.1.3-0ubuntu1~ubuntu13.11)
31
devel_cantata: not-affected (1.3.4.ds1-1)