On Tue, Jan 31, 2006 at 11:14:37AM +0100, Martin Schulze wrote: > Package : libmail-audit-perl > Vulnerability : insecure temporay file createion > Problem type : local > Debian-specific: no > CVE ID : CVE-2005-4536 > Debian Bug : 344029 > > Niko Tyni discovered that the Mail::Audit module, a Perl library for > creating simple mail filters, logs to a temporary file with a > predictable filename in an insecure fashion when logging is turned on, > which is not the case by default. > > For the old stable distribution (woody) these problems have been fixed in > version 2.0-4woody1. > > For the stable distribution (sarge) these problems have been fixed in > version 2.1-5sarge1.
Hi security team, unfortunately there's an error in the sarge package: % perl -c /usr/share/perl5/Mail/Audit/MimeEntity.pm syntax error at /usr/share/perl5/Mail/Audit/MimeEntity.pm line 8, near "use MIME::Parser" /usr/share/perl5/Mail/Audit/MimeEntity.pm had compilation errors. ii libmail-audit-perl 2.1-5sarge1 Perl library for creating easy mail filters Don's patch in #344029 had a typo (missing semicolon). See #349838 for the fix. Apologies; we should have Cc'd the patch to security@ . -- Niko Tyni [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
