Vincent Lefevre

**Name of the Vulnerable Software and Affected Versions** StarDict versions 3.0.7+git20220909+dfsg-6 **Description** The YouDao plugin for StarDict sends X11 selection data to the dict.youdao.com and dict.cn servers via cleartext HTTP. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Perl versions 5.13.6 through 5.41.12 **Description** The issue is related to a working directory race condition in Perl threads, where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed, which can be visible to other threads. This may lead to unintended operations, such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. **Recommendations** For Perl versions 5.13.6 through 5.41.12, upgrade to Perl 5.41.13 or apply the patch immediately to resolve the issue. As a temporary workaround, consider avoiding the creation of threads while a directory handle is open to minimize the risk of exploitation. Restrict access to sensitive files and directories to prevent unintended operations.

**Name of the Vulnerable Software and Affected Versions** wicd versions prior to 1.7.2.1 **Description** The issue concerns multiple vulnerabilities in the wicd package that can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. Specifically, wicd saves sensitive information in log files in /var/log/wicd, allowing attackers to obtain passwords and other sensitive information. **Recommendations** For versions prior to 1.7.2.1, update to version 1.7.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files in /var/log/wicd to minimize the risk of exploitation.