CVE-2006-3619

NameCVE-2006-3619
SourceCVE (at NVD; RH)
DescriptionDirectory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.
ReferencesDSA-1170
NVD severitylow (attack range: remote, user-initiated)
Debian Bugs368397
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gcc-3.4 (PTS)lenny3.4.6ds1-9fixed
gcc-4.1 (PTS)lenny4.1.2-25fixed
squeeze4.1.2-29fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gcc-3.4source(unstable)3.4.4-0low
gcc-3.4sourcesarge3.4.3-13sarge1lowDSA-1170
gcc-4.1source(unstable)4.1.1-11low368397

Notes

gcc-3.4 no longer builds the fastjar package
Search for package or bug name: Reporting problems

Home - Testing Security Team - Debian Security - Imprint