Bug 12648 - libsoup: CVE-2011-2524: Directory traversal vulnerability to read arbitrary files
Status: NEW
Product: Maemo 5 Community SSU
general
: testing
: N900 Maemo
: Unspecified major
: ---
Assigned To: unassigned
: general
Reported: 2012-08-10 16:06 UTC by Andre Klapper
Modified: 2012-08-10 16:06 UTC

Description Andre Klapper (reporter) maemo.org 2012-08-10 16:06:39 UTC
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2524

Directory traversal vulnerability in soup-uri.c in SoupServer in
libsoup before 2.35.4 allows remote attackers to read arbitrary files
via a %2e%2e (encoded dot dot) in a URI.

Latest Maemo5 CSSU Testing ships
libsoup2.4-1 2.26.3-0maemo3+0m5

Looking at
http://repository.maemo.org/pool/fremantle/free/libs/libsoup2.4/libsoup2.4_2.26.3-0maemo3+0m5.tar.gz
the currently shipped version is affected.

UPSTREAM TICKET:
https://bugzilla.gnome.org/show_bug.cgi?id=653258

PATCH TO BACKPORT:
http://git.gnome.org/browse/libsoup/commit/?id=cbeeb7a0f7f0e8b16f2d382157496f9100218dea
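
The ordering problem behind this class of bug, as an added example that is not part of the original report and is neither libsoup's code nor its upstream patch: a traversal check applied to the raw request path misses `%2e%2e`, while the same check applied after percent-decoding catches it. All function names and the sample path are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src into dst. Returns -1 on a malformed escape,
 * a decoded NUL byte, or if dst is too small; 0 on success. */
int percent_decode(const char *src, char *dst, size_t dst_len) {
    size_t n = 0;
    while (*src) {
        int c = (unsigned char)*src++;
        if (c == '%') {
            int hi = hexval((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[1]);
            if (lo < 0 || (c = hi * 16 + lo) == 0) return -1;
            src += 2;
        }
        if (n + 1 >= dst_len) return -1;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return 0;
}

/* Returns 1 if any '/'-separated segment of path is exactly "..". */
int has_dotdot_segment(const char *path) {
    while (*path) {
        size_t len = strcspn(path, "/");
        if (len == 2 && path[0] == '.' && path[1] == '.') return 1;
        path += len + (path[len] == '/');
    }
    return 0;
}

/* Weak: inspects the raw request path, so %2e%2e passes unnoticed. */
int naive_is_safe(const char *raw) { return !has_dotdot_segment(raw); }

/* Hardened: decode first, then inspect the path the filesystem will see. */
int decoded_is_safe(const char *raw) {
    char buf[1024];
    return percent_decode(raw, buf, sizeof buf) == 0 && !has_dotdot_segment(buf);
}

int main(void) {
    const char *p = "/docs/%2e%2e/%2e%2e/private.txt"; /* constructed sample */
    return printf("naive=%d decoded=%d\n", naive_is_safe(p), decoded_is_safe(p)) < 0;
}
```

The check is only meaningful if the string it validates is the exact, once-decoded string later used to open the file; decoding again after the check reintroduces the problem.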