diff options
| author | ahoka <ahoka@pkgsrc.org> | 2008-12-17 23:49:57 +0000 |
|---|---|---|
| committer | ahoka <ahoka@pkgsrc.org> | 2008-12-17 23:49:57 +0000 |
| commit | 5d4f4d9d49b9f06c179338a0b1e808e256f2cc63 (patch) | |
| tree | 60fc723fcf7e58a95cd03a966f58e0b9e9f59473 /audio/cmus/distinfo | |
| parent | 988b4c8bf5f08fd6615e178b4dd0ab1b55fcecaa (diff) | |
| download | pkgsrc-5d4f4d9d49b9f06c179338a0b1e808e256f2cc63.tar.gz | |
A security issue has been reported in cmus, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.
The security issue is caused due to the "cmus-status-display" script using
temporary files in an insecure manner. This can be exploited to
e.g. overwrite arbitrary files via symlink attacks.
This commit fixes this issue.
Diffstat (limited to 'audio/cmus/distinfo')
| -rw-r--r-- | audio/cmus/distinfo | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/audio/cmus/distinfo b/audio/cmus/distinfo index 4c34f2f8e8a..c7b4e3f1fcf 100644 --- a/audio/cmus/distinfo +++ b/audio/cmus/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.4 2008/11/17 13:30:34 ahoka Exp $ +$NetBSD: distinfo,v 1.5 2008/12/17 23:49:57 ahoka Exp $ SHA1 (cmus-2.2.0.tar.bz2) = a6472633ac55660eb3aec5d2ae0296da86903bb2 RMD160 (cmus-2.2.0.tar.bz2) = 1287666c16332ad34222461e29d8355ef607e7b5 @@ -7,3 +7,4 @@ SHA1 (patch-aa) = b5cd6e9c799ea581bfecd242130274c869ed2103 SHA1 (patch-ab) = 1288149006ce37bd0ed69c020ae6e1992cb84743 SHA1 (patch-ac) = 76f346d0338f38c3657f29851d717c62b89d0791 SHA1 (patch-ad) = 8f750a81966d83839f7ca2d66728ce4a48072d73 +SHA1 (patch-ae) = 12565109f672b7bdeeb8b263952376eaaca25f53 |