On Mon, 31 Mar 2008 14:52:50 +0200
Nico Golde <[EMAIL PROTECTED]> wrote:
> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-01-27 20:32]:
> > Completely predictable filenames and chmodding after creation open this up
> > for symlink attack.
>
> I just had a look at this issue and can not confirm what
Hi,
* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-01-27 20:32]:
> /usr/bin/comix, line 10494:
> # ===
> # Create the temporary directory used in this Comix session.
> # The dir is /tmp/comix/ where is 1 or higher
>
Same issue for /usr/bin/comicthumb, although reading the code, I
believe the temporary directory is only used for archives-inside-
archives.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package: comix
Version: 3.6.4-1
Severity: grave
Justification: user security hole
Tags: security
*** Please type your report below this line ***
/usr/bin/comix, line 10494:
# ===
# Create the temporary directory used in this Comi
4 matches
Mail list logo
