Bug#962221: xawtv: CVE-2020-13696

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#962221: xawtv: CVE-2020-13696
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 04 Jun 2020 19:31:48 +0200
Message-id: <[🔎] 159129190871.1446779.10956749972794260254.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 962221@bugs.debian.org

Source: xawtv
Version: 3.106-1
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for xawtv.

CVE-2020-13696[0]:
| v4l-conf setuid-root program allows file existence tests and open(...,
| O_RDRW) on arbitrary files

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13696
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13696
[1] https://www.openwall.com/lists/oss-security/2020/06/04/6

Regards,
Salvatore

Reply to:

Prev by Date: opensubdiv_3.4.3-2~bpo10+1_amd64.changes ACCEPTED into buster-backports, buster-backports
Next by Date: Bug#962274: libcamera-dev: camera.pc doesn't produce necessary CFLAGS to #include <libcamera/camera.h>
Previous by thread: opensubdiv_3.4.3-2~bpo10+1_amd64.changes ACCEPTED into buster-backports, buster-backports
Next by thread: Bug#962274: libcamera-dev: camera.pc doesn't produce necessary CFLAGS to #include <libcamera/camera.h>
Index(es):
- Date
- Thread