Candidate: CVE-2017-13709
PublicDate: 2017-08-27 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13709
 http://www.openwall.com/lists/oss-security/2017/08/27/1
 https://sourceforge.net/p/flightgear/flightgear/ci/2a5e3d06b2c0d9f831063afe7e7260bca456d679/
 https://sourceforge.net/p/flightgear/flightgear/ci/c7a2aef59979af3e9ff22daabb37bdaadb91cd75/
Description:
 In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger
 subsystem allows one to overwrite any file via a resource that affects the
 contents of the global Property Tree.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873439
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_flightgear:
upstream_flightgear: released (1:2017.2.1+dfsg-4)
precise/esm_flightgear: DNE
trusty_flightgear: ignored (reached end-of-life)
trusty/esm_flightgear: DNE (trusty was needed)
vivid/ubuntu-core_flightgear: DNE
xenial_flightgear: ignored (end of standard support, was needed)
zesty_flightgear: ignored (reached end-of-life)
artful_flightgear: not-affected (1:2017.2.1+dfsg-4)
bionic_flightgear: not-affected (1:2017.2.1+dfsg-4)
cosmic_flightgear: not-affected (1:2017.2.1+dfsg-4)
disco_flightgear: not-affected (1:2017.2.1+dfsg-4)
eoan_flightgear: not-affected (1:2017.2.1+dfsg-4)
focal_flightgear: not-affected (1:2017.2.1+dfsg-4)
groovy_flightgear: not-affected (1:2017.2.1+dfsg-4)
hirsute_flightgear: not-affected (1:2017.2.1+dfsg-4)
impish_flightgear: not-affected (1:2017.2.1+dfsg-4)
jammy_flightgear: not-affected (1:2017.2.1+dfsg-4)
devel_flightgear: not-affected (1:2017.2.1+dfsg-4)