Hi, FYI, CVE-2008-3216 was assigned to this issue. Please include the CVE id in the changelog if you close the bug.
======================================================
Name: CVE-2008-3216
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3216
Reference: MLIST:[oss-security] 20080709 CVE id request: projectl
Reference: URL:http://www.openwall.com/lists/oss-security/2008/07/09/8
Reference: CONFIRM:http://bugs.debian.org/489988

The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
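The class of bug the CVE text describes, shown from the fixing side in an added C example; it is not projectl's code and not the change made for the Debian bug. The names `save_prefs` and `demo_planted_link`, the temporary directory and the sample data are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* mkstemp, mkdtemp, symlink, lstat */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not projectl code: store len bytes as <dir>/<name>
 * without writing through a symlink planted at that name. 0 = ok, -1 = error. */
int save_prefs(const char *dir, const char *name, const char *buf, size_t len)
{
    char tmp[4096], dst[4096];
    if (snprintf(tmp, sizeof tmp, "%s/.%s.XXXXXX", dir, name) >= (int)sizeof tmp ||
        snprintf(dst, sizeof dst, "%s/%s", dir, name) >= (int)sizeof dst)
        return -1;
    int fd = mkstemp(tmp); /* O_CREAT|O_EXCL, mode 0600: never opens an existing link */
    if (fd < 0) return -1;
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n <= 0) break; /* any write error, EINTR included, fails the save */
        buf += n; len -= (size_t)n;
    }
    int ok = (len == 0) && fsync(fd) == 0;
    /* rename() replaces a symlink found at dst; it does not follow it */
    if (close(fd) != 0 || !ok || rename(tmp, dst) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Constructed scenario: projectL.prf already exists as a link to another file.
 * Returns 1 if that file is untouched and a regular file was stored, -1 on error. */
int demo_planted_link(void)
{
    char dir[] = "/tmp/prefdemoXXXXXX", victim[64], lnk[64], got[16] = "";
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/projectL.prf", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("keep", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(victim, lnk) != 0 || save_prefs(dir, "projectL.prf", "hiscore=1\n", 10) != 0) return -1;
    f = fopen(victim, "r");
    if (!f || !fgets(got, sizeof got, f)) return -1;
    fclose(f);
    return strcmp(got, "keep") == 0 && lstat(lnk, &st) == 0 && S_ISREG(st.st_mode);
}

int main(void) { return demo_planted_link() == 1 ? 0 : 1; }
```

A plain `fopen("projectL.prf", "w")` in the same scenario would follow the link and truncate the file it points to.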

