CVE-2008-4965

NameCVE-2008-4965
Descriptionliguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDTSA-177-1, DTSA-178-1
Debian Bugs496360

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
liquidsoap (PTS)buster1.3.3-2fixed
bullseye1.4.3-3fixed
bookworm2.1.3-2fixed
sid2.2.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
liquidsoapsourcelenny0.3.6-4+lenny1
liquidsoapsource(unstable)0.3.8.1+2-2low496360

Search for package or bug name: Reporting problems