wdiff stable update for Bug#425254
Hi.
I received this from the Debian security team:
> Hi,
> the security issue was published for wdiff some time ago.
>
> | wdiff uses tmpnam(buf) to generate a temporary file, and fopen(buf, "w+") that
> | name, which is vulnerable to the usual symlink attack. It should use one of
> | the tmpnam alternatives like tmpfile().
>
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
>
> However it would be nice if this could get fixed via a regular point update[0].
> Please contact the release team for this.
>
> This is Debian bug #425254.
>
> This is an automatically generated mail, in case you are already working on an
> upgrade this is of course pointless.
>
> For further information:
> [0] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-stable
I'd like to upload a new wdiff for stable fixing this bug, if it's not
too late to do so. Just to be sure: It would go to stable-proposed-updates,
and it would be version 0.5-16etch1. Is this ok?
BTW: Nico, the above URL does not currently work.
Thanks.
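
The symlink problem in the quoted bug description, shown as an added C example that is not part of this mail or of wdiff's source: the same pre-existing symlink is opened once with an exclusive create and once with `fopen(name, "w+")`. The function names and the `/tmp/tmpname-demo-XXXXXX` directory are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reported pattern: fopen(name, "w+") follows a symlink and truncates its target. */
static int open_w_plus(const char *name) {
    FILE *f = fopen(name, "w+");
    if (!f) return 0;
    fclose(f);
    return 1;
}

/* O_CREAT|O_EXCL fails (EEXIST) if the name exists, symlinks included; mkstemp() opens this way. */
static int open_exclusive(const char *name) {
    int fd = open(name, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

static long size_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

struct result { int excl_opened, fopen_opened; long after_excl, after_fopen; };
/* Constructed scenario in a private directory: a symlink sits at the temp name, pointing at a 4-byte file. */
static struct result run_demo(void) {
    struct result r = { -1, -1, -1, -1 };
    char dir[] = "/tmp/tmpname-demo-XXXXXX", victim[64], lnk[64];
    if (!mkdtemp(dir)) return r;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/tmpname", dir);
    FILE *v = fopen(victim, "w");
    if (!v || fputs("keep", v) < 0 || fclose(v) != 0) return r;
    if (symlink(victim, lnk) != 0) return r;
    r.excl_opened = open_exclusive(lnk);  r.after_excl = size_of(victim);
    r.fopen_opened = open_w_plus(lnk);    r.after_fopen = size_of(victim);
    unlink(lnk); unlink(victim); rmdir(dir);
    return r;
}

int main(void) {
    struct result r = run_demo();
    return printf("O_EXCL: opened=%d size=%ld; fopen w+: opened=%d size=%ld\n",
                  r.excl_opened, r.after_excl, r.fopen_opened, r.after_fopen) < 0;
}
```

The exclusive open refuses the name and leaves the target at 4 bytes, while the `"w+"` open succeeds and leaves it empty.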