[ubuntu/lucid-security] gource (delayed), gource 0.23-1ubuntu0.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu May 6 14:03:39 BST 2010


gource (0.23-1ubuntu0.1) lucid-security; urgency=high

  * SECURITY UPDATE: Gource uses a predictable temporary filename,
    enabling a malicious co-user to overwrite an arbitrary file via a
    symlink attack. (LP: #564373)
    - src/commitlog.cpp: changed createTempLog() to create the temp file
      using mkstemp().

Date: Fri, 16 Apr 2010 13:54:44 +1200
Changed-By: Andrew Caudwell <acaudwell at gmail.com>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/gource/0.23-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Fri, 16 Apr 2010 13:54:44 +1200
Source: gource
Binary: gource
Architecture: source
Version: 0.23-1ubuntu0.1
Distribution: lucid-security
Urgency: high
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Andrew Caudwell <acaudwell at gmail.com>
Description: 
 gource     - graphical source control visualisation
Launchpad-Bugs-Fixed: 564373
Changes: 
 gource (0.23-1ubuntu0.1) lucid-security; urgency=high
 .
   * SECURITY UPDATE: Gource uses a predictable temporary filename,
     enabling a malicious co-user to overwrite an arbitrary file via a
     symlink attack. (LP: #564373)
     - src/commitlog.cpp: changed createTempLog() to create the temp file
       using mkstemp().
Checksums-Sha1: 
 6f5a4fc7e83eae0a097056b6a7a14da77d91642f 1360 gource_0.23-1ubuntu0.1.dsc
 8025c6c81cab9699f15090c47bbaf0686abccb3c 3463 gource_0.23-1ubuntu0.1.diff.gz
Checksums-Sha256: 
 166bfe15fd09b2b358d86c4ce02974ee607ad0cde3eb114a55c2b6da0d1d6e26 1360 gource_0.23-1ubuntu0.1.dsc
 5b30a8f049c2428b76da4f835222bdd07d32c684e45698f15b16e648f9c15b70 3463 gource_0.23-1ubuntu0.1.diff.gz
Files: 
 8e652504275332912cb17b6334ede13c 1360 vcs extra gource_0.23-1ubuntu0.1.dsc
 abf870ec889341295d241e41cb1255bf 3463 vcs extra gource_0.23-1ubuntu0.1.diff.gz
Original-Maintainer: Andrew Caudwell <acaudwell at gmail.com>


More information about the Lucid-changes mailing list