Jeroen Van Wolffelaar

**Name of the Vulnerable Software and Affected Versions** libopenobex version 1.2 **Description** The issue allows user-assisted remote attackers to overwrite files via an arbitrary destination file name in an OBEX File Transfer session, when ircp is run with the -r option. This occurs because ircp io.c in libopenobex does not prompt the user when overwriting files. **Recommendations** For libopenobex version 1.2, consider adding a prompt to warn the user when overwriting files, especially when ircp is run with the -r option, to prevent unintended file overwrites.

**Name of the Vulnerable Software and Affected Versions** SmartList versions 3.15 and earlier **Description** The issue allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned. Multiple vulnerabilities in the SmartList package of the Debian GNU/Linux operating system can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. **Recommendations** For SmartList versions 3.15 and earlier, consider disabling the confirm add-on functionality until a patch is available to prevent attackers from subscribing arbitrary e-mail addresses. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: lintian versions 1.23 and earlier Description: The issue allows local users to potentially delete arbitrary files or directories via a symlink attack because the working directory is removed even if it was not created by lintian. Recommendations: For versions 1.23 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.