Hi, attached is a patch to fix this issue. Going to upload it as a 0day NMU.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u p3nfs-5.19/debian/changelog p3nfs-5.19/debian/changelog --- p3nfs-5.19/debian/changelog +++ p3nfs-5.19/debian/changelog @@ -1,3 +1,11 @@ +p3nfs (5.19-1.2) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix insecure temporary file usage in bluetooth.rc by using mktemp + (CVE-2008-5154; Closes: #506270). + + -- Nico Golde <[EMAIL PROTECTED]> Sat, 29 Nov 2008 11:32:31 +0100 + p3nfs (5.19-1.1) unstable; urgency=high * Non-maintainer upload. only in patch2: unchanged: --- p3nfs-5.19.orig/etc/bluetooth.rc +++ p3nfs-5.19/etc/bluetooth.rc @@ -14,7 +14,8 @@ prog="bluetooth" ROOT=/local/bluez-2.0 -exec >> /tmp/blue.log 2>&1 +TMPFILE=$(mktemp -t blueXXXXXXXXX || exit 1) +exec >> $TMPFILE 2>&1 echo "--------------------" echo "$*"
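Review bot: In the etc/bluetooth.rc hunk, the `|| exit 1` sits inside the command substitution in `TMPFILE=$(mktemp -t blueXXXXXXXXX || exit 1)`, so a mktemp failure only ends the subshell and the script carries on with TMPFILE empty. Move the check outside the substitution, as in `TMPFILE=$(mktemp -t blueXXXXXXXXX) || exit 1`, and quote the redirect target (`exec >> "$TMPFILE" 2>&1`) so an empty or unusual value is not word-split. The log file name is now random and nothing in the visible lines reports it, so it is worth noting somewhere (a comment, or a message on the original stderr before the `exec`) where the output ends up.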