Accepted: dist 1:3.5-17-2 (source)

Ubuntu Installer archive at ubuntu.com
Wed Sep 3 15:23:10 BST 2008


Accepted:
 OK: dist_3.5-17.orig.tar.gz
 OK: dist_3.5-17-2.diff.gz
 OK: dist_3.5-17-2.dsc
     -> Component: universe Section: devel

Origin: Debian/unstable
Format: 1.7
Date: Wed,  03 Sep 2008 15:13:10 +0100
Source: dist
Binary: dist
Architecture: source
Version: 1:3.5-17-2
Distribution: intrepid
Urgency: high
Maintainer: Manoj Srivastava <srivasta at debian.org>
Changed-By: Stefan Ebner <sebner at ubuntu.com>
Description: 
 dist       - Tools for developing, maintaining and distributing software.
Closes: 496412
Changes: 
 dist (1:3.5-17-2) unstable; urgency=high
 .
   * If a script uses a temp file which is created in /tmp, then an
     attacker can create symlink with the same name in this directory in
     order to destroy or rewrite some system or user files.  Symlink attack
     may also lead not only to the data desctruction but to denial of
     service as well. Creating files with rand or pid to randomize the file
     names is not adequate to protect the system. We now use File::Temp to
     safely create the temporary files as needed. This closes a grave bug.
     There are no code changes in this version, apart from the bug fix.
                                                         Closes: #496412
   * Updated the Standards version. (No changes)
Files: 
 d0186bfc48731f1a7fa5a0fb8ed1c770 50463 devel optional dist_3.5-17-2.diff.gz
 2240ebc50a3633c37e61782f24c54fe4 1082 devel optional dist_3.5-17-2.dsc





More information about the Intrepid-changes mailing list