
wdiff stable update for Bug#425254


I received this from the Debian security team:

> Hi,
> the security issue  was published for wdiff some time ago.
> | wdiff uses tmpnam(buf) to generate a temporary file, and fopen(buf, "w+") that
> | name, which is vulnerable to the usual symlink attack.  It should use one of
> | the tmpnam alternatives like tmpfile().
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
> However it would be nice if this could get fixed via a regular point update[0].
> Please contact the release team for this.
> This is Debian bug #425254.
> This is an automatically generated mail, in case you are already working on an
> upgrade this is of course pointless.
> For further information:
> [0] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-stable

I'd like to upload a new wdiff for stable fixing this bug, if it's not
too late to do so. Just to be sure: It would go to stable-proposed-updates,
and it would be version 0.5-16etch1. Is this ok?

BTW: Nico, the above URL does not currently work.
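
The quoted report describes the `tmpnam(buf)` followed by `fopen(buf, "w+")` pattern. The following is an added example, not wdiff's code and not the patch that was uploaded: it shows a hardened replacement and a self-contained check that exclusive creation refuses a name planted in advance. The function names, the `/tmp` templates and the `predictable`/`victim` file names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hardened replacement for tmpnam(buf) + fopen(buf, "w+"): mkstemp() chooses
 * the name and creates the file in one step (O_CREAT|O_EXCL, mode 0600), so a
 * name that already exists, symlink or not, is never opened. */
FILE *scratch_open(void)
{
    char path[] = "/tmp/scratch.XXXXXX";   /* hypothetical template */
    int fd = mkstemp(path);
    if (fd < 0) return NULL;
    unlink(path);                          /* leave no name on disk to race on */
    FILE *fp = fdopen(fd, "w+");
    if (!fp) close(fd);
    return fp;
}

/* Constructed check, confined to a private directory: a symlink sits at a
 * predictable name before the program opens it. Returns 1 when exclusive
 * creation fails with EEXIST and the link target was never created. */
int excl_refuses_planted_symlink(void)
{
    char dir[] = "/tmp/demo.XXXXXX";       /* hypothetical template */
    char linkpath[64], target[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(linkpath, sizeof linkpath, "%s/predictable", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, linkpath) != 0) { rmdir(dir); return -1; }
    int fd = open(linkpath, O_RDWR | O_CREAT | O_EXCL, 0600);
    int refused = (fd < 0 && errno == EEXIST);
    int untouched = (access(target, F_OK) != 0);
    if (fd >= 0) close(fd);
    unlink(linkpath); unlink(target); rmdir(dir);
    return refused && untouched;
}

int main(void)
{
    FILE *fp = scratch_open();
    printf("scratch file: %s, planted symlink refused: %d\n",
           fp ? "ok" : "failed", excl_refuses_planted_symlink());
    if (fp) fclose(fp);
    return 0;
}
```

`tmpfile()`, the alternative named in the report, gives the same create-and-open-in-one-step behaviour when the caller never needs the file's name.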

