Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-4631

The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.

Related bugs and status

CVE-2007-4631 (Candidate) is related to these bugs:

Bug #138719: [Sync request] Sync qgit (1.5.5-1.1) from Debian unstable (main)

Summary				In	Importance	Status
	138719	[Sync request] Sync qgit (1.5.5-1.1) from Debian unstable (main)		qgit (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.gentoo.org...
CONFIRM: http://sourceforge.net...
SECUNIA: 26745
MISC: https://bugzilla.redha...
FEDORA: FEDORA-2007-2108
BID: 25618
SECUNIA: 26738
GENTOO: GLSA-200710-05
SECUNIA: 27098
VUPEN: ADV-2007-3107
CONFIRM: http://sourceforge.net...
XF: qgit-dataloader-symlin...