Your message dated Mon, 22 Dec 2008 21:32:33 +0100
with message-id <[email protected]>
and subject line Re: Bug#509488: CVE-2008-5366: insecure temp file handling
has caused the Debian Bug report #509488,
regarding CVE-2008-5366: insecure temp file handling
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
509488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509488
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ppp
Version: 2.4.4rel-10.1
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ppp.
CVE-2008-5366[0]:
| The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local
| users to overwrite arbitrary files via a symlink attack on the (1)
| /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5366
http://security-tracker.debian.net/tracker/CVE-2008-5366
--- End Message ---
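The symlink-following write described in the CVE text above, shown next to two hardened patterns, as an added example that is not part of the original messages and is not taken from ppp's postinst. All function names are hypothetical, and a private sandbox directory stands in for /tmp.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from ppp's postinst.

# Weak: predictable name in a shared directory. ">" follows symlinks, so
# the write lands on whatever the name points at.
write_fixed() {        # $1 = directory, $2 = text
    printf '%s\n' "$2" > "$1/ppp-errors"
}

# Hardened: mktemp creates a fresh 0600 file under an unpredictable name
# (O_CREAT|O_EXCL), so a pre-planted link is never opened.
write_mktemp() {       # $1 = directory, $2 = text; prints the path used
    f=$(mktemp "$1/ppp-errors.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# If the name must stay fixed: noclobber (set -C) makes ">" refuse any
# name that already exists, including a symlink.
write_noclobber() {    # $1 = directory, $2 = text
    ( set -C; printf '%s\n' "$2" > "$1/ppp-errors" ) 2>/dev/null
}

# Constructed sandbox: "shared" stands in for /tmp, "victim" for a file
# the script's owner can write but the other local user cannot.
# Prints the victim file's content after running pattern $1.
victim_after() {
    box=$(mktemp -d) || return 1
    mkdir "$box/shared"
    printf 'original\n' > "$box/victim"
    ln -s "$box/victim" "$box/shared/ppp-errors"   # pre-planted link
    "$1" "$box/shared" "pppd log line" >/dev/null || true
    cat "$box/victim"
    rm -rf "$box"
}

if [ "${1:-}" = demo ]; then
    for p in write_fixed write_mktemp write_noclobber; do
        printf '%-16s victim now: %s\n' "$p" "$(victim_after "$p")"
    done
fi
```

Run with the argument `demo` to print the victim file's content after each pattern; only `write_fixed` changes it.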
--- Begin Message ---
On Dec 22, Steffen Joeris <[email protected]> wrote:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for ppp.
So what? I don't know what the CVE criteria are for assigning an ID,
but it's customary for Debian contributors to abstain from mass-filing
bugs based on random greps of the archive.
Do your homework before wasting other people's time.
http://lists.debian.org/debian-devel/2008/08/msg00286.html
--
ciao,
Marco
--- End Message ---