Package: kdelibs-data Version: 4:3.3.2-1 Tags: security Severity: grave We're vulnerable. ----- Forwarded message from Davide Madrisan <davide.madrisan@qilinux.it> ----- From: Davide Madrisan <davide.madrisan@qilinux.it> Date: Fri, 11 Feb 2005 09:16:38 +0100 To: bugtraq@securityfocus.com Subject: insecure temporary file creation in kdelibs 3.3.2 Organization: QiNet s.r.l. User-Agent: KMail/1.7.2 The `dcopidlng' script in the KDE library package (kdelibs-3.3.2/dcop/dcopidlng/dcopidlng) creates temporary files in a unsecure manner. This bug has been fixed in 32 minutes (!) by Stephan Kulow, the KDE team leader. Here you can found the official patch: http://bugs.kde.org/show_bug.cgi?id=97608 Note: This bug has been find by `autospec', the work-in-progress tool used by the QiLinux team to (semi)automatically create specfiles from tarballs and update/check rpm packages. It's released under GPL and not QiLinux specific. The latest release can be found at the URL: ftp://ftp.qilinux.it/pub/QiLinux/devel/tools/autospec/ #include <best/regards.h> --- Davide Madrisan QiLinux Security Team Leader PGP keyID: 4B72B0B9 fp: 2B79 BFF1 EE33 EE8C 3258 E43C CDA8 EFF3 4B72 B0B9 PGP public key: <http://pgp.mit.edu/> http://www.qilinux.it ----- End forwarded message ----- -- see shy jo
Attachment:
signature.asc
Description: Digital signature