Package: paxtest Version: 0.9.7-pre4-2 Severity: important Tags: security Hi,
paxtest writes to paxtest.log in $CWD, which might be abused by a local attacker to modify arbitrary files via a symlink or similar. I have confirmed it in version 0.9.9 too. Please mention the CVE id when fixing this bug. [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3373 [1] http://security-tracker.debian.org/tracker/CVE-2010-3373 Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
