
please unblock dist 1:3.5-17-2



Hi,

        This upload fixes a grave security bug (symlink attack in /tmp),
 and has no other code change.

        manoj

dist (1:3.5-17-2) unstable; urgency=high

  * If a script uses a temp file which is created in /tmp, then an
    attacker can create a symlink with the same name in this directory in
    order to destroy or rewrite some system or user files.  Symlink attack
    may also lead not only to the data destruction but to denial of
    service as well. Creating files with rand or pid to randomize the file
    names is not adequate to protect the system. We now use File::Temp to
    safely create the temporary files as needed. This closes a grave bug.
    There are no code changes in this version, apart from the bug fix.
                                                        Closes: #496412
  * Updated the Standards version. (No changes)

 -- Manoj Srivastava <srivasta@debian.org>  Fri, 29 Aug 2008 22:28:31 -0500

-- 
Don't make a big deal out of everything; just deal with everything.
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
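
The changelog entry above, as an added Perl example that is not part of the original message or of the dist package: it contrasts a plain open on a predictable pid-based name with exclusive creation and with File::Temp. The sandbox directory, file names and file contents are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Private sandbox standing in for /tmp; removed when the script exits.
my $sandbox = tempdir(CLEANUP => 1);

# Constructed file that the script is never meant to touch.
my $victim = "$sandbox/victim.txt";
write_file($victim, "important data\n");

# Predictable pid-based name, the pattern the changelog calls inadequate.
my $predictable = "$sandbox/script.$$";

# Constructed precondition: that name already exists as a symlink.
symlink($victim, $predictable) or die "symlink: $!";

# 1. Exclusive creation refuses any existing name, symlinks included.
if (sysopen(my $fh, $predictable, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
    print "O_EXCL: created (unexpected)\n";
} else {
    print "O_EXCL: refused: $!\n";
}

# 2. File::Temp picks an unpredictable name and creates it exclusively.
my ($tfh, $tname) = tempfile('scriptXXXXXXXX', DIR => $sandbox, UNLINK => 1);
print {$tfh} "scratch\n";
close($tfh) or die "close: $!";
printf "File::Temp: wrote %s, symlink: %s\n", $tname, (-l $tname ? 'yes' : 'no');
print "victim after safe paths:  ", read_file($victim);

# 3. Plain open for writing follows the symlink and truncates the target.
write_file($predictable, "scratch\n");
print "victim after plain open:  ", read_file($victim);

sub write_file {
    my ($path, $data) = @_;
    open(my $out, '>', $path) or die "open $path: $!";
    print {$out} $data;
    close($out) or die "close $path: $!";
}

sub read_file {
    my ($path) = @_;
    open(my $in, '<', $path) or die "read $path: $!";
    local $/;
    return scalar <$in>;
}
```

The victim file keeps its contents through steps 1 and 2 and is overwritten only by the plain open in step 3, which is the behaviour the upload replaces with File::Temp.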

