Bug#445308: Multiple symlink vulnerabilities

2007-10-06 Thread Josef Sipek
On Sat, Oct 06, 2007 at 06:27:01PM +0200, Nico Golde wrote: > Hi, > * Brandon Philips <[EMAIL PROTECTED]> [2007-10-06 18:18]: > > On 11:47 Sat 06 Oct 2007, Josef Sipek wrote: > > > On Sat, Oct 06, 2007 at 12:56:20PM +0200, Nico Golde wrote: > > > > Hi, > > > > I intend to NMU this bug. > > > > The

Bug#445308: Multiple symlink vulnerabilities

2007-10-06 Thread Josef Sipek
On Sat, Oct 06, 2007 at 09:13:06AM -0700, Brandon Philips wrote: > On 11:47 Sat 06 Oct 2007, Josef Sipek wrote: > > On Sat, Oct 06, 2007 at 12:56:20PM +0200, Nico Golde wrote: > > > Hi, > > > I intend to NMU this bug. > > > The attached patch fixes this issue. > > > It will be also archived on: > >

Bug#445308: Multiple symlink vulnerabilities

2007-10-06 Thread Nico Golde
Hi, * Brandon Philips <[EMAIL PROTECTED]> [2007-10-06 18:18]: > On 11:47 Sat 06 Oct 2007, Josef Sipek wrote: > > On Sat, Oct 06, 2007 at 12:56:20PM +0200, Nico Golde wrote: > > > Hi, > > > I intend to NMU this bug. > > > The attached patch fixes this issue. > > > It will be also archived on: > > >

Bug#445308: Multiple symlink vulnerabilities

2007-10-06 Thread Brandon Philips
On 11:47 Sat 06 Oct 2007, Josef Sipek wrote: > On Sat, Oct 06, 2007 at 12:56:20PM +0200, Nico Golde wrote: > > Hi, > > I intend to NMU this bug. > > The attached patch fixes this issue. > > It will be also archived on: > > http://people.debian.org/~nion/nmu-diff/guilt_0.27-1_0.27-1.1.patch > > Th

Bug#445308: Multiple symlink vulnerabilities

2007-10-06 Thread Josef Sipek
On Sat, Oct 06, 2007 at 12:56:20PM +0200, Nico Golde wrote: > Hi, > I intend to NMU this bug. > The attached patch fixes this issue. > It will be also archived on: > http://people.debian.org/~nion/nmu-diff/guilt_0.27-1_0.27-1.1.patch This patch breaks Guilt in several ways, I am in the process of

Bug#445308: Multiple symlink vulnerabilities

2007-10-06 Thread Nico Golde
Hi, uploading a fix now with permission of the maintainer. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.

Bug#445308: Multiple symlink vulnerabilities

2007-10-06 Thread Nico Golde
Hi, I intend to NMU this bug. The attached patch fixes this issue. It will be also archived on: http://people.debian.org/~nion/nmu-diff/guilt_0.27-1_0.27-1.1.patch Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail

Bug#445308: Multiple symlink vulnerabilities

2007-10-04 Thread Nico Golde
Hi again, * Nico Golde <[EMAIL PROTECTED]> [2007-10-04 22:47]: > * Brandon Philips <[EMAIL PROTECTED]> [2007-10-04 22:27]: > > On 21:16 Thu 04 Oct 2007, Romain Francoise wrote: > > > Please use mktemp(1) to create temporary files. > > > > I have contacted Josef Sipek, the author, about the issue a

Bug#445308: Multiple symlink vulnerabilities

2007-10-04 Thread Nico Golde
Hi, * Brandon Philips <[EMAIL PROTECTED]> [2007-10-04 22:27]: > On 21:16 Thu 04 Oct 2007, Romain Francoise wrote: > > Please use mktemp(1) to create temporary files. > > I have contacted Josef Sipek, the author, about the issue and he will > work on it for the next release. > > I will close this

Bug#445308: Multiple symlink vulnerabilities

2007-10-04 Thread Brandon Philips
On 21:16 Thu 04 Oct 2007, Romain Francoise wrote: > Please use mktemp(1) to create temporary files. I have contacted Josef Sipek, the author, about the issue and he will work on it for the next release. I will close this bug when the next release hits Debian. Thanks, Brandon

Bug#445308: Multiple symlink vulnerabilities

2007-10-04 Thread Romain Francoise
Package: guilt
Version: 0.27-1
Severity: critical
Tags: security

guilt makes extensive use of the '$$' shell variable for temporary files in /tmp. This is a serious security vulnerability; on multi-user systems it allows an attacker to clobber files with something like the following: for i in