Candidate: CVE-2013-7301
PublicDate: 2014-02-02 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7301
 https://code.google.com/p/cantata/issues/detail?id=356
Description:
 Cantata before 1.2.2 does not restrict access to files in the play queue,
 which allows remote attackers to obtain sensitive information by reading
 the songs in the queue.
Ubuntu-Description:
 Automatically started HTTP server listens on all interfaces and will serve
 any file that the user running the HTTP server has access to, including
 e.g. ssh private keys.
Notes:
 sbeattie> according to debian bug report, 1.1.3 package does not start
  httpd server by default
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736154
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_cantata:
upstream_cantata: pending (1.2.2)
lucid_cantata: DNE
precise_cantata: DNE
quantal_cantata: DNE
raring_cantata: ignored (reached end-of-life)
saucy_cantata: ignored (reached end-of-life)
trusty_cantata: not-affected (1.1.3-0ubuntu1~ubuntu13.11)
trusty/esm_cantata: DNE (trusty was not-affected [1.1.3-0ubuntu1~ubuntu13.11])
devel_cantata: not-affected (1.3.4.ds1-1)