Hi!
Thank you for this report, the issue has already been fixed upstream
and IÄm waiting for a new bugfix release of PK, which will also solve
some other issues, so we can include this in Wheezy.
Cheers,
Matthias
2012/6/19 Julien Cristau :
> Package: packagekit-backend-aptcc
> Version: 0.7.4-4
Package: packagekit-backend-aptcc
Version: 0.7.4-4
Severity: grave
Tags: security
Justification: user security hole
/usr/share/PackageKit/helpers/aptcc/pkconffile uses a tempfile with a
fixed name in /tmp, which means anyone could create a
/tmp/pkconffile.templates symlink and have root trash the
2 matches
Mail list logo
