CVE-2013-7301

NameCVE-2013-7301
DescriptionCantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cantata (PTS)buster2.3.3.ds1-1fixed
bullseye2.4.2.ds1-1fixed
bookworm2.5.0.ds1-1fixed
sid, trixie2.5.0.ds1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cantatasource(unstable)(not affected)

Notes

- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
https://code.google.com/p/cantata/issues/detail?id=356

Search for package or bug name: Reporting problems