MidnightBSD

Advisories for barebones

CVE-2013-3667 MEDIUM

The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
barebones yojimbo 1.5
barebones yojimbo 1.5.2
barebones textwrangler 3.5
barebones bbedit *
barebones bbedit 10.5.1
barebones bbedit 10.0
barebones yojimbo 2.2
barebones bbedit 10.1
barebones textwrangler 3.1
barebones yojimbo 3.0
barebones yojimbo 3.0.1
barebones textwrangler 3.0
barebones textwrangler 4.0
barebones bbedit 10.5.3
barebones yojimbo 1.5.1
barebones textwrangler *
barebones bbedit 10.1.1
barebones textwrangler 3.5.3
barebones bbedit 10.5
barebones bbedit 10.1.2
barebones yojimbo 2.1
barebones yojimbo 3.0.2
barebones yojimbo 1.4
barebones bbedit 10.0.1
barebones textwrangler 4.5
barebones yojimbo 1.4.2
barebones textwrangler 4.0.1
barebones textwrangler 2.3
barebones yojimbo 3.0.3
barebones yojimbo 1.4.1
barebones textwrangler 4.5.1
barebones textwrangler 3.5.1
barebones bbedit 10.5.2
barebones yojimbo *
barebones yojimbo 2.0