[Bug 212215] [NEW] Please sync comix 3.6.4-1.1 from Debian(Unstable)
Stefan Ebner
hellboy195 at gmail.com
Sat Apr 5 12:51:59 BST 2008
Public bug reported:
Binary package hint: comix
This sync fixes several security issues.
comix (3.6.4-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Apply patch by Mamoru Tasaka to fix arbitrary code execution
    via crafted file names because of passing the filename directly
    to string concatenation used in os.popen (CVE-2008-1568; Closes: #462840).
  * Apply patch by Mamoru Tasaka to use tempfile.mkdtemp() to enable comix
    for multi-user environments and thus prevent a race condition in /tmp
    without a real security impact (Closes: #462836).

 -- Nico Golde <nion at debian.org>  Thu, 03 Apr 2008 00:49:49 +0200
** Affects: comix (Ubuntu)
Importance: Undecided
Status: New
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1568
--
Please sync comix 3.6.4-1.1 from Debian(Unstable)
https://bugs.launchpad.net/bugs/212215
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.
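
Added illustration, not part of the bug report and not the comix or Debian patch code: the two changelog items above (a file name concatenated into an os.popen command string, and tempfile.mkdtemp() instead of a shared /tmp path) shown as a minimal Python sketch. The function names, the use of cat and the sample file name are assumptions made for this example.

```python
import os
import shutil
import stat
import subprocess
import tempfile


def read_unsafe(path):
    # Pre-fix pattern: the name is concatenated into a string that os.popen
    # hands to /bin/sh, so quotes and ';' in the name become shell syntax.
    with os.popen('cat "' + path + '"') as pipe:
        return pipe.read()


def read_safe(path):
    # Argument vector, no shell: the name reaches cat as one literal argument.
    result = subprocess.run(["cat", "--", path], capture_output=True, text=True)
    return result.stdout


def demo():
    # tempfile.mkdtemp() creates a uniquely named directory with mode 0700,
    # unlike a fixed, guessable path under /tmp shared by all users.
    workdir = tempfile.mkdtemp(prefix="example-")
    try:
        mode = stat.S_IMODE(os.stat(workdir).st_mode)
        # Constructed file name; the embedded command is a harmless echo marker.
        crafted = os.path.join(workdir, 'a"; echo INJECTED; ".cbz')
        with open(crafted, "w") as handle:
            handle.write("page data\n")
        return mode, read_unsafe(crafted), read_safe(crafted)
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    mode, unsafe_out, safe_out = demo()
    print("directory mode:", oct(mode))
    print("string concatenation:", repr(unsafe_out))
    print("argument vector:", repr(safe_out))
```

With the concatenated string the shell runs the marker command and never reads the file; with the argument vector the file content comes back unchanged.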