CVE-2008-4950

Publication date 5 November 2008

Last updated 24 July 2024

** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dpkg-cross	9.10 karmic	Ignored
	9.04 jaunty	Ignored
	8.10 intrepid	Ignored
	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

this is disputed, let's ignore

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-4950