PublicDate: 2007-04-13 18:19:00 UTC
Candidate: CVE-2007-2027
References:
 https://ubuntu.com/security/notices/USN-457-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027
Description:
 Untrusted search path vulnerability in the add_filename_to_string function
 in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause
 Elinks to use an untrusted gettext message catalog (.po file) in a "../po"
 directory, which can be leveraged to conduct format string attacks.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_elinks: released (0.10.6-1ubuntu3.1)
edgy_elinks: released (0.11.1-1ubuntu2.1)
feisty_elinks: released (0.11.1-1.2ubuntu2.1)
devel_elinks: released (0.11.1-1.4ubuntu1)
upstream_elinks: needs-triage