On Mon, 31 Mar 2008 14:52:50 +0200
Nico Golde <[EMAIL PROTECTED]> wrote:
> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-01-27 20:32]:
> > Completely predictable filenames and chmodding after creation open this up
> > for symlink attack.
>
> I just had a look at this issue and can not confirm what
Same issue for /usr/bin/comicthumb, although reading the code, I
believe the temporary directory is only used for
archives-inside-archives.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Same issue for /usr/bin/comicthumb:
141 rarfiles = os.popen('%s vb "%s"' % (rar, compressed_file)).readlines()
152 os.popen('%s p -inul -- "%s" "%s" > "/tmp/comicthumb/archive%d"'
153 % (rar, compressed_file, subarchive, depth), "r")
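An added example, not code from comix or from the posters in this thread: it contrasts the quoted os.popen pattern from /usr/bin/comicthumb (file names pasted between double quotes in a shell string) with an argument-list call that writes into a private mkdtemp directory instead of the fixed /tmp/comicthumb path. FAKE_RAR is a stand-in for rar that only reports the argv it receives; SAMPLE, COMIX_DEMO and the function names are assumptions made for the demonstration.

```python
import json, os, shlex, subprocess, sys, tempfile

# Stand-in for rar/unrar (assumption): a child that writes the argv it received as JSON.
FAKE_RAR = [sys.executable, "-c", "import json,sys; print(json.dumps(sys.argv[1:]))"]
# Constructed sample file name; COMIX_DEMO is a harmless variable set only for this demo.
SAMPLE = 'vol "1" $COMIX_DEMO.cbz'


def argv_via_shell(compressed_file, subarchive):
    """Pattern from the report: values pasted between double quotes in a shell string."""
    cmd = '%s p -inul -- "%s" "%s"' % (
        " ".join(shlex.quote(a) for a in FAKE_RAR), compressed_file, subarchive)
    env = dict(os.environ, COMIX_DEMO="EXPANDED")
    out = subprocess.run(cmd, shell=True, env=env, capture_output=True,
                         text=True, check=True).stdout
    return json.loads(out)


def extract_hardened(compressed_file, subarchive, depth):
    """No shell, and output goes into a fresh private directory, not /tmp/comicthumb."""
    workdir = tempfile.mkdtemp(prefix="comicthumb-")  # random name, mode 0700
    target = os.path.join(workdir, "archive%d" % depth)
    # "xb" (O_CREAT|O_EXCL) refuses to follow or reuse a pre-existing path.
    with open(target, "xb") as out:
        subprocess.run(FAKE_RAR + ["p", "-inul", "--", compressed_file, subarchive],
                       stdout=out, check=True)
    with open(target) as fh:
        return workdir, json.loads(fh.read())


if __name__ == "__main__":
    # The shell rewrites the file name: quotes are consumed and the variable expands.
    print("shell:", argv_via_shell(SAMPLE, "inner.rar"))
    # The argument list delivers the file name byte for byte.
    workdir, argv = extract_hardened(SAMPLE, "inner.rar", 1)
    print("list :", argv, "in", workdir)
```

The shell variant hands the child a file name that differs from the one on disk, which is the symptom of the insufficient escaping; the list variant never involves a shell, so no escaping is needed.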
Package: comix
Version: 3.6.4-1
Severity: grave
Justification: user security hole
Tags: security
*** Please type your report below this line ***
Comix uses insufficient shell escaping when calling external programs
(rar/unrar, jpegtran)
6280 files = \
6281
Package: comix
Version: 3.6.4-1
Severity: grave
Justification: user security hole
Tags: security
*** Please type your report below this line ***
/usr/bin/comix, line 10494:
# ===
# Create the temporary directory used in this Comi
5 matches