[Bug 263086] [NEW] Please sync dist 3.5-17-2 from Debian(Unstable)
Launchpad Bug Tracker
263086 at bugs.launchpad.net
Tue Sep 2 10:14:09 BST 2008
You have been subscribed to a public bug by Luca Falavigna (dktrkranz):
Binary package hint: dist
Fixes a grave issue which could cause data loss and denial of service
as well
dist (1:3.5-17-2) unstable; urgency=high
* If a script uses a temp file which is created in /tmp, then an
attacker can create a symlink with the same name in this directory in
order to destroy or rewrite some system or user files. Symlink attack
may also lead not only to the data destruction but to denial of
service as well. Creating files with rand or pid to randomize the file
names is not adequate to protect the system. We now use File::Temp to
safely create the temporary files as needed. This closes a grave bug.
There are no code changes in this version, apart from the bug fix.
Closes: #496412
* Updated the Standards version. (No changes)
-- Manoj Srivastava <srivasta at debian.org> Fri, 29 Aug 2008 22:28:31 -0500
** Affects: dist (Ubuntu)
Importance: Wishlist
Status: Confirmed
--
Please sync dist 3.5-17-2 from Debian(Unstable)
https://bugs.edge.launchpad.net/bugs/263086
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
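
The changelog's point about predictable temp names versus File::Temp, as an added Perl example that is not part of the original notification and is not code from the dist package. It runs entirely inside a private directory standing in for /tmp; the file names and the slurp helper are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added illustration; not code from the dist package.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Private sandbox standing in for a shared /tmp (constructed for the demo).
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim.txt";
open(my $v, '>', $victim) or die "victim: $!";
print {$v} "important data\n";
close($v);

# Predictable name of the kind the changelog calls inadequate: prefix + pid.
my $guessable = "$dir/script.$$";
# A symlink that already exists at that name before the script opens it.
symlink($victim, $guessable) or die "symlink: $!";

# Weak pattern: open '>' follows the symlink and truncates its target.
open(my $weak, '>', $guessable) or die "open: $!";
print {$weak} "scratch\n";
close($weak);
print "after plain open, victim holds: ", slurp($victim);

# Hardened by hand: O_EXCL with O_CREAT fails if the name exists at all,
# including when it is a symlink, so nothing is followed or truncated.
if (sysopen(my $fh, $guessable, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
    close($fh);
    print "O_EXCL open unexpectedly succeeded\n";
} else {
    print "O_EXCL open refused: $!\n";
}

# File::Temp: unpredictable name, exclusive creation, mode 0600, and it
# returns an already-open handle so there is no check-then-open window.
my ($tfh, $tname) = tempfile('scriptXXXXXXXX', DIR => $dir, UNLINK => 1);
print {$tfh} "scratch\n";
close($tfh);
printf "File::Temp created %s (mode %04o)\n", $tname, (stat $tname)[2] & 07777;

sub slurp {
    my ($path) = @_;
    open(my $in, '<', $path) or die "read $path: $!";
    local $/;
    return scalar <$in>;
}
```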