Package: po4a
Severity: serious
Tags: security

Hi,

A security issue has been reported against your package po4a:

> lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite
> arbitrary files via a symlink attack on the gettextization.failed.po
> temporary file.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4462

It seems the new upstream 0.32 fixes this. Please mention the CVE id in the
changelog when fixing this. Also please check whether stable and oldstable
are vulnerable and coordinate with the security team.

Thanks,
Thijs