Hi, uploading an NMU to fix this bug, debdiff attached and also archived on: http://people.debian.org/~nion/nmu-diff/emacs21-21.4a+1-5.3_21.4a+1-5.4.patch
Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u emacs21-21.4a+1/debian/changelog emacs21-21.4a+1/debian/changelog --- emacs21-21.4a+1/debian/changelog +++ emacs21-21.4a+1/debian/changelog @@ -1,3 +1,11 @@ +emacs21 (21.4a+1-5.4) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix insecure temporary file creation in vcdiff script leading to + possible symlink attacks (CVE-2008-1694; Closes: #476612). + + -- Nico Golde <[EMAIL PROTECTED]> Mon, 28 Apr 2008 12:46:35 +0200 + emacs21 (21.4a+1-5.3) unstable; urgency=high * Non-maintainer upload. diff -u emacs21-21.4a+1/debian/patches/00list emacs21-21.4a+1/debian/patches/00list --- emacs21-21.4a+1/debian/patches/00list +++ emacs21-21.4a+1/debian/patches/00list @@ -30,0 +31 @@ +CVE-2008-1694 only in patch2: unchanged: --- emacs21-21.4a+1.orig/debian/patches/CVE-2008-1694.diff +++ emacs21-21.4a+1/debian/patches/CVE-2008-1694.diff @@ -0,0 +1,20 @@ +diff -Nurad emacs21-21.4a+1.orig/lib-src/vcdiff emacs21-21.4a+1/lib-src/vcdiff +--- emacs21-21.4a+1.orig/lib-src/vcdiff 2008-04-28 12:44:53.000000000 +0200 ++++ emacs21-21.4a+1/lib-src/vcdiff 2008-04-28 12:45:46.000000000 +0200 +@@ -86,14 +86,14 @@ + case $f in + s.* | */s.*) + if +- rev1=/tmp/geta$$ ++ rev1=$(mktemp /tmp/geta.XXXXXXXX) + get -s -p -k $sid1 "$f" > $rev1 && + case $sid2 in + '') + workfile=`expr " /$f" : '.*/s.\(.*\)'` + ;; + *) +- rev2=/tmp/getb$$ ++ rev2=$(mktemp /tmp/getb.XXXXXXXX) + get -s -p -k $sid2 "$f" > $rev2 + workfile=$rev2 + esac
pgpokHB4qvm7J.pgp
Description: PGP signature
