Hi Just as a reference and to inform you, this issue got CVE-2008-2958 assigned.
====================================================== Name: CVE-2008-2958 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958 Reference: MISC:http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-June/001672.html Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488140 Reference: SECUNIA:30873 Reference: URL:http://secunia.com/advisories/30873 Reference: XF:checkinstall-multiple-symlink(43440) Reference: URL:http://xforce.iss.net/xforce/xfdb/43440 Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.
signature.asc
Description: This is a digitally signed message part.