Hi Steffen > Steffen Joeris <steffen.joe...@skolelinux.de> [2008-12-22 21:17]: > > Package: muttprint > Severity: normal > Tags: security > > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for muttprint. > > CVE-2008-5368[0]: > | muttprint in muttprint 0.72d allows local users to overwrite arbitrary > | files via a symlink attack on the /tmp/muttprint.log temporary file. > > If you fix the vulnerability please also make sure to include the > CVE id in your changelog entry. >
I understand this is a security problem related with muttprint, and I'll gonna fix it. However, the phrase "local user to overwrite arbitrary files via symlink attack" is misleading -- except if the local user is root. Can you please elaborate? Thanks. wbr, Lukas -- Lukas Ruf -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
