zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Zhcon | Ejoy_and_hu_yong | 0.2 (including) | 0.2 (including) |
Zhcon | Ubuntu | dapper | * |
Zhcon | Ubuntu | devel | * |
Zhcon | Ubuntu | edgy | * |
Zhcon | Ubuntu | feisty | * |