found 546164 5.2.11.dsfg.1-1
severity 546164 important
tag 546164 security
thanks
On Wednesday 23 September 2009 02:22:45 sean finney wrote:
> Version: 5.2.11.dsfg.1-1
>
> hi federico,
>
> On Wed, Sep 23, 2009 at 08:58:29AM +0200, Federico Gimenez Nieto wrote:
> > This seems to be fixed after the upload of 5.2.11.dsfg.1-1.
>
> great, thanks for letting us know. it's a bit odd since i don't think
> we did anything explicitly for this, nor was there anything in the
> upstream changelog mentioning the problem/fix... but hey, i'll take a
> free fix :)
>

Nah, it was not fixed. It stopped being an RC issue because the tmpdir path is now set to something under /tmp, which an unprivileged user can create. I have a patch to work around it by restoring the value originally set by PEAR::Config, but this still doesn't solve the real issue (and it is also open to symlink attacks [1]).

[1] I don't remember the exact test conditions I used to test the symlink attack, though, as I did it in a rush.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
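The failure mode behind this report is a fixed, predictable tmpdir path under a world-writable /tmp: any local user can create that entry first, either as a directory they own or as a symlink, and the privileged consumer then writes wherever it points. The check below is an added illustration written for this page; it is not from the bug report, the Debian patch, or PEAR's own code, and it is in Python rather than PHP. The function names `tmpdir_is_safe`, `private_tmpdir` and `demo` are mine, and `demo()` builds a constructed fixture in a throwaway directory so the classification can be exercised offline.

```python
import os
import stat
import tempfile
from typing import Dict, Optional


def tmpdir_is_safe(path: str) -> bool:
    """Decide whether an already-configured tmpdir can be trusted.

    A fixed path under /tmp fails when another local user got there first:
    the entry may be a symlink pointing somewhere we did not intend, a
    directory owned by that user, or a directory anybody can write into.
    Each of those is rejected.  lstat() is used so a symlink is seen as a
    symlink instead of being silently followed.
    """
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode):          # planted symlink
        return False
    if not stat.S_ISDIR(st.st_mode):      # a plain file where a directory was expected
        return False
    if st.st_uid != os.geteuid():         # somebody else's directory
        return False
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):   # others can add or replace files inside
        return False
    return True


def private_tmpdir(configured: Optional[str] = None) -> str:
    """Return a tmpdir that is safe to use.

    The configured path is honoured only if tmpdir_is_safe() accepts it.
    Otherwise a fresh directory with an unpredictable name and mode 0700 is
    created with mkdtemp(), which never reuses an existing entry.
    """
    if configured is not None and tmpdir_is_safe(configured):
        return configured
    return tempfile.mkdtemp(prefix="tmpdir-check-")


def demo() -> Dict[str, bool]:
    """Build a constructed fixture (not a real /tmp layout) and record how
    each case is classified.  Every key should map to True."""
    base = tempfile.mkdtemp(prefix="tmpdir-demo-")

    good = os.path.join(base, "private")
    os.mkdir(good)
    os.chmod(good, 0o700)                 # mkdir obeys umask, so set the mode explicitly

    shared = os.path.join(base, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o777)               # world-writable, like a pre-created /tmp entry

    link = os.path.join(base, "link")
    os.symlink(good, link)                # symlink that happens to resolve to a safe directory

    regular = os.path.join(base, "file")
    open(regular, "w").close()

    return {
        "private_dir_accepted": tmpdir_is_safe(good),
        "world_writable_rejected": not tmpdir_is_safe(shared),
        "symlink_rejected": not tmpdir_is_safe(link),
        "plain_file_rejected": not tmpdir_is_safe(regular),
        "missing_rejected": not tmpdir_is_safe(os.path.join(base, "absent")),
        "configured_kept_when_safe": private_tmpdir(good) == good,
        "fallback_when_unsafe": private_tmpdir(link) != link,
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'ok' if ok else 'FAIL'}")
```

The symlink case is rejected even though it resolves to a directory that would itself pass the check: the point of the test is who controls the name, not where it currently points, since the owner of the link can repoint it between the check and the use. Falling back to `mkdtemp()` removes the predictable name altogether, which is the mitigation that restoring a different fixed path cannot provide.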