This bug was fixed in the package gource - 0.23-1ubuntu0.1
---
gource (0.23-1ubuntu0.1) lucid-security; urgency=high
* SECURITY UPDATE: Gource uses a predictable temporary filename,
enabling a malicious co-user to overwrite an arbitrary file via a
symlink attack. (LP: #56437
** Changed in: gource (Ubuntu)
Status: Confirmed => Fix Committed
--
Gource uses a predictable temporary filename
https://bugs.launchpad.net/bugs/564373
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Thanks for the debdiff, Andrew!
ACK'd
I'll upload it today, and will publish it on monday.
--
Gource uses a predictable temporary filename
https://bugs.launchpad.net/bugs/564373
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubunt
** Changed in: gource (Ubuntu)
Status: New => Confirmed
** Changed in: gource (Ubuntu)
Importance: Undecided => Medium
--
Gource uses a predictable temporary filename
https://bugs.launchpad.net/bugs/564373
You received this bug notification because you are a member of Ubuntu
Bugs, whic
** Changed in: gource (Debian)
Status: Unknown => Fix Released
--
Gource uses a predictable temporary filename
https://bugs.launchpad.net/bugs/564373
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubu
This patch changes createTempLog() in src/commitlog.cpp to create the
temp file using mkstemp().
** Patch added: "gource_564373.patch"
http://launchpadlibrarian.net/44390404/gource_564373.patch
--
Gource uses a predictable temporary filename
https://bugs.launchpad.net/bugs/564373
You received
** Bug watch added: Debian Bug tracker #577958
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958
** Also affects: gource (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958
Importance: Unknown
Status: Unknown
--
Gource uses a predictable temporary filename
