Joey Hess

**Name of the Vulnerable Software and Affected Versions** archivemail version 0.6.2 **Description** The issue is related to the insecure use of temporary files, which can lead to a possible race condition. **Recommendations** For archivemail version 0.6.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** termpkg version 3.3 **Description** The issue is related to a buffer overflow. **Recommendations** For termpkg version 3.3, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Nvu versions 0.99 through 1.0pre **Description** The issue arises from Nvu using an outdated version of Mozilla XPCOM, which can lead to multiple security problems. **Recommendations** For Nvu versions 0.99 through 1.0pre, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** git-annex (affected versions not specified) **Description** The issue concerns an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's GPG key, potentially exposing encrypted data that was never stored in git-annex. This attack requires the attacker to have control of a server hosting an encrypted special remote used by the victim's git-annex repository. The attacker can use `git annex addurl --relaxed` with an innocuous URL and then send the content of the GPG-encrypted file they wish to have decrypted when the user downloads the content from the special remote. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** git-annex (affected versions not specified) **Description** The issue concerns a private data exposure and exfiltration attack in git-annex. It could expose the content of files located outside the git-annex repository or content from a private web server on localhost or the LAN. To perform this attack, the attacker needs to have control over one of the remotes of the victim's git-annex repository. The attack can be performed by running `git-annex addurl --relaxed file:///etc/passwd` and committing this to the repository. The attacker can also use URLs to private web servers. The issue was discovered by Joey Hess. **Recommendations** To fix the issue, git-annex was updated to refuse to follow `file:///` URLs and URLs pointing to private/local IP addresses by default. Two new configuration settings, `annex.security.allowed-url-schemes` and `annex.security.allowed-ip-addresses`, can relax this security policy. As a temporary workaround, consider disabling the `git-annex` assistant or restricting the use of `git annex sync --content` until the issue is resolved. Restrict access to the vulnerable `git-annex` repository to minimize the risk of exploitation. Avoid using `git-annex addurl --relaxed` with untrusted URLs. Developers of external special remotes are encouraged to prevent this attack by not following such HTTP redirects. Note: The provided information does not specify the exact versions of git-annex that are affected by this issue. Therefore, it is recommended to update git-annex to the latest version available. If no specific fix is provided for a particular version, it is recommended to follow the general guidelines for securing git-annex repositories.

**Name of the Vulnerable Software and Affected Versions** kgb-bot version 1.33-2 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash. **Recommendations** For version 1.33-2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** aptlinex versions prior to 0.91 **Description** The issue concerns the GUI of aptlinex, which does not provide adequate warnings to users about potentially dangerous actions. This allows remote attackers to modify or remove packages by using an apt:// URL. **Recommendations** For versions prior to 0.91, update to version 0.91 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ikiwiki versions prior to 2.42 **Description** A cross-site request forgery issue allows remote attackers to modify user preferences, including passwords, via the preferences and edit forms. **Recommendations** For versions prior to 2.42, update to version 2.42 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Debian installer for shadow version 4.0.14 Debian installer for base-config version 2.53.10 **Description** The issue concerns sensitive information being included in world-readable log files by the Debian installer. This information includes preseeded passwords and pppoeconf passwords, which could potentially allow local users to gain privileges. **Recommendations** For shadow version 4.0.14, restrict access to the log files generated by the Debian installer to prevent unauthorized users from reading sensitive information. For base-config version 2.53.10, consider modifying the installer to exclude sensitive information from log files or apply appropriate permissions to limit access to these logs.

**Name of the Vulnerable Software and Affected Versions** CGI::Session version 4.03-1 **Description** The issue allows local users to obtain privileged information, such as session keys, by viewing temporary files created in Driver::File and Driver::db file. This is due to improper permissions set on these files. **Recommendations** For CGI::Session version 4.03-1, update the permissions on temporary files created in Driver::File and Driver::db file to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CGI::Session version 4.03-1 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files used by certain drivers. This can be achieved through drivers such as Driver::File, Driver::db file, and possibly Driver::sqlite. **Recommendations** For CGI::Session version 4.03-1, consider updating to a newer version that addresses this issue, as no specific workaround is provided for this version. As a temporary mitigation measure, restrict access to temporary files used by the affected drivers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** sharutils version 4.2.1 **Description** The issue affects the sharutils package in Red Hat Enterprise Linux, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. Specifically, the `unshar` function in `unshar.c` allows local users to overwrite arbitrary files via a symlink attack on the `unsh.X` temporary file. **Recommendations** For sharutils version 4.2.1, consider restricting access to the `unshar` function until a patch is available. As a temporary workaround, avoid using the `unshar` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** cdrecord versions prior to 4:2.0 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files when DEBUG is enabled. **Recommendations** For versions prior to 4:2.0, disable the DEBUG mode to prevent the symlink attack on temporary files.

**Name of the Vulnerable Software and Affected Versions** DGen Emulator versions 1.23 and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of gzip or bzip ROM files. This is due to a flaw in the romload.c file. **Recommendations** For DGen Emulator versions 1.23 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.