Nixpkgs security tracker

Untriaged

Permalink CVE-2009-5068

created 1 month, 3 weeks ago

There is a file disclosure vulnerability in SMF (Simple Machines …

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.

References

http://www.openwall.com/lists/oss-security/2013/02/01/4 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/02/01/4 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/02/01/4 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/02/01/4 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/02/01/4 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/02/01/4 x_transferredx_refsource_MISC

Affected products

SMF

==through 2.0.3

Matching in nixpkgs

pkgs.smfh

Sleek Manifest File Handler

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.11 1.3
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.3

pkgs.asmfmt

Go assembler formatter

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2
nixos-25.11 1.3.2
- nixos-25.11-small 1.3.2
- nixpkgs-25.11-darwin 1.3.2

pkgs.libsmf

C library for reading and writing Standard MIDI Files

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.11 1.3
- nixos-25.11-small 1.3
- nixpkgs-25.11-darwin 1.3

pkgs.nasmfmt

Formatter for NASM source files

nixos-unstable 2022-09-15
- nixpkgs-unstable 2022-09-15
- nixos-unstable-small 2022-09-15
nixos-25.11 2022-09-15
- nixos-25.11-small 2022-09-15
- nixpkgs-25.11-darwin 2022-09-15

pkgs.mt32emu-smf2wav

Produces a WAVE file from a Standard MIDI file (SMF)

nixos-unstable smf2wav-1.9.0
- nixpkgs-unstable smf2wav-1.9.0
- nixos-unstable-small smf2wav-1.9.0
nixos-25.11 smf2wav-1.9.0
- nixos-25.11-small smf2wav-1.9.0
- nixpkgs-25.11-darwin smf2wav-1.9.0

pkgs.python312Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python313Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python314Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

pkgs.tests.fetchFromGitHub.rootDir

None

nixos-unstable smfyc8dzpa0l
- nixpkgs-unstable smfyc8dzpa0l
- nixos-unstable-small smfyc8dzpa0l

Package maintainers

@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@NotAShelf NotAShelf <raf@notashelf.dev>
@eclairevoyant éclairevoyant
@Gerg-L Greg Leyda <gregleyda@proton.me>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.smfh

pkgs.asmfmt

pkgs.libsmf

pkgs.nasmfmt

pkgs.mt32emu-smf2wav

pkgs.python312Packages.pysmf

pkgs.python313Packages.pysmf

pkgs.python314Packages.pysmf

pkgs.tests.fetchFromGitHub.rootDir

Package maintainers