Bug#318285: CAN-2005-2240 symlink attack in xpvm.tcl

To: Joey Hess <joeyh@debian.org>, 318285@bugs.debian.org
Subject: Bug#318285: CAN-2005-2240 symlink attack in xpvm.tcl
From: Frank Lichtenheld <djpig@debian.org>
Date: Sat, 16 Jul 2005 22:58:48 +0200
Message-id: <[🔎] 20050716205848.GG8422@djpig.de>
Reply-to: Frank Lichtenheld <djpig@debian.org>, 318285@bugs.debian.org
In-reply-to: <[🔎] 20050715114744.GZ8422@djpig.de>
References: <[🔎] 20050714142733.GA26234@kitenet.net> <[🔎] 20050715114744.GZ8422@djpig.de>

On Fri, Jul 15, 2005 at 01:47:44PM +0200, Frank Lichtenheld wrote:
> On Thu, Jul 14, 2005 at 05:27:33PM +0300, Joey Hess wrote:
> > According to http://secunia.com/advisories/16040:
> 
> Some investigation on it:
> There is a tempfile procedure available in tcllib, one could either
> use that or copy&paste (since it isn't available in tcllib in woody)
> 
> @security team: Should I cook up a patch for that?

Hmm, tried that and failed. Unfortunatly it requires more TCL knowledge
than I have.

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/

Reply to:

References:
- Bug#318285: CAN-2005-2240 symlink attack in xpvm.tcl
  - From: Joey Hess <joeyh@debian.org>
- Bug#318285: CAN-2005-2240 symlink attack in xpvm.tcl
  - From: Frank Lichtenheld <djpig@debian.org>

Prev by Date: Bug#318656: gtktalog segfaults on start
Next by Date: Bug#318656: gtktalog segfaults on start
Previous by thread: Bug#318285: CAN-2005-2240 symlink attack in xpvm.tcl
Next by thread: Let your computer be the PRO!
Index(es):
- Date
- Thread