Hi! I requested a CAN number; when you fix this, please mention the number in the changelog.
Thanks!
Martin
----- Forwarded message from "Steven M. Christey" <[EMAIL PROTECTED]> -----
Date: Fri, 16 Sep 2005 14:53:07 -0400 (EDT)
From: "Steven M. Christey" <[EMAIL PROTECTED]>
To: Martin Pitt <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: CAN request: insecure temp file in gtkdiskfree
X-Spam-Status: No, score=0.7 required=4.0 tests=AWL,BAYES_50 autolearn=no
version=3.0.3
======================================================
Candidate: CAN-2005-2918
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2918
Reference: VULNWATCH:20050915 gtkdiskfree insecure temporary file creation
Reference: MISC:http://www.zataz.net/adviso/gtkdiskfree-09052005.txt
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=104565
The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and
earlier allows local users to overwrite arbitrary files via a symlink
attack on the gtkdiskfree temporary file.
----- End forwarded message -----
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
signature.asc
Description: Digital signature
