Hi, attached is a patch to fix this issue. I will upload this as an NMU now.
Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u screenie-1.30.0/screenie screenie-1.30.0/screenie --- screenie-1.30.0/screenie +++ screenie-1.30.0/screenie @@ -19,7 +19,7 @@ # Foundation Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA #global settings -TMPF=/tmp/.screenie.$$ +TMPF=$(mktemp -t skreenie.XXXXXX || exit 1) ACTIVE_SCREENS="screen \-ls | awk '/tached/ { print \$1}' | sort" i=0 e=0 @@ -59,9 +59,9 @@ esac #cleanup temp files -if test -f /tmp/.screenie* +if test -f $TMPF then - rm /tmp/.screenie* >/dev/null 2>&1 + rm $TMPF >/dev/null 2>&1 fi while : diff -u screenie-1.30.0/debian/changelog screenie-1.30.0/debian/changelog --- screenie-1.30.0/debian/changelog +++ screenie-1.30.0/debian/changelog @@ -1,3 +1,11 @@ +screenie (1.30.0-5.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix insecure temporary file creation + (CVE-2008-5371; Closes: #509332). + + -- Nico Golde <n...@debian.org> Thu, 25 Dec 2008 00:54:32 +0100 + screenie (1.30.0-5) unstable; urgency=low * fix typo - thanks Osamu Aoki. Closes: #491372
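Review bot: In the first screenie hunk (@@ -19,7 +19,7 @@), the `|| exit 1` sits inside the command substitution, so a mktemp failure only ends the subshell and the script carries on with TMPF empty. Move the check outside the substitution, as in `TMPF=$(mktemp -t screenie.XXXXXX) || exit 1`. The template is also spelled skreenie rather than screenie, which looks like a typo.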
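Review bot: In the cleanup hunk (@@ -59,9 +59,9 @@), the `rm $TMPF` under "#cleanup temp files" runs before the `while :` loop and removes the file that mktemp created at the top of the script, so any later write to $TMPF would recreate the name without mktemp's exclusive creation. Consider dropping this startup removal and deleting the file on exit instead. Separately, quote the variable in both `test -f $TMPF` and `rm $TMPF`: with TMPF empty, `test -f` with no operand evaluates true and rm is called with no operand.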