The FlightGear project fixed a security issue, allowing arbitrary file overwrites for files the user running FlightGear has write access to and could be taken advantage to for other impact as arbitrary code execution. References: http://seclists.org/oss-sec/2016/q4/674 Upstream patch: https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/
Created FlightGear tracking bugs for this issue: Affects: fedora-all [bug 1405413]
Please, be aware that the fix for this issue seem to be incomplete: http://seclists.org/oss-sec/2017/q2/255
Yes, that's right, updated packages for this new CVE have been built yesterday: https://koji.fedoraproject.org/koji/buildinfo?buildID=891634 https://koji.fedoraproject.org/koji/buildinfo?buildID=891630 https://koji.fedoraproject.org/koji/buildinfo?buildID=891637 https://koji.fedoraproject.org/koji/buildinfo?buildID=891627
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.