CVE-2013-7301

NameCVE-2013-7301
DescriptionCantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cantata (PTS)stretch2.0.1.ds1-2fixed
buster2.3.3.ds1-1fixed
bullseye2.4.2.ds1-1fixed
bookworm, sid2.4.2.ds1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cantatasource(unstable)(not affected)

Notes

- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
https://code.google.com/p/cantata/issues/detail?id=356

Search for package or bug name: Reporting problems