tags 321501 sarge
Thanks

Hi Javier,

On Fri, Aug 05, 2005 at 11:38:03PM +0200, Javier Fernández-Sanguino Peña wrote:
> 
> Package: inkscape
> Version: 0.41-5
> Priority: normal
> Tags: patch security
> 
> The inkscape ps2epsi extension shell script uses hardcoded tempfile
> definitions making it vulnerable to symlink attacks. The attached
> patch fixes this issue. For consistency, I've used the code already
> used by the dia2svg.sh extension.

Thanks for pointing this out. This was fixed upstream a while ago and
version 0.42 of inkscape doesn't have this problem. It still applies to
the versions in sarge and testing, though. I'll contact the security
team to ask how to proceed with sarge.

Thanks,

Wolfi
> 
> Regards
> 
> Javier
> 
> PS: I'm not sure if using extensions is common to most users of Inkscape.
> If it is, please consider raising the priority of this bug.

> --- inkscape-0.41/share/extensions/ps2epsi.sh 2005-08-05 23:32:47.000000000 
> +0200
> +++ inkscape-0.41/share/extensions/ps2epsi.sh.orig    2005-08-05 
> 23:30:55.000000000 +0200
> @@ -1,7 +1,6 @@
>  #!/bin/sh
>  
> -TMPDIR="${TMPDIR-/tmp}"
> -TEMPFILENAME=`mktemp -t 2>/dev/null || echo "$TMPDIR/tmpdiafile.svg"`
> +TEMPFILENAME=/tmp/tmpepsifile.epsi
>  
>  ps2epsi "$1" "${TEMPFILENAME}" &> /dev/null
>  cat ${TEMPFILENAME}
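Review bot: the hunk is reversed: the `---` side is ps2epsi.sh and the `+++` side is ps2epsi.sh.orig, so applying it as posted would drop the mktemp lines and install `+TEMPFILENAME=/tmp/tmpepsifile.epsi`; please regenerate it with the .orig file as the old side. Read in the intended direction, the fallback in `mktemp -t 2>/dev/null || echo "$TMPDIR/tmpdiafile.svg"` still yields a predictable name (and a dia-flavoured one, carried over from dia2svg.sh) whenever mktemp fails, so the symlink exposure remains on that path; aborting with an error is safer. Unchanged context also worth touching while here: the temp file is never removed, `cat ${TEMPFILENAME}` is unquoted, and `&> /dev/null` is a bash extension that `#!/bin/sh` parses as `ps2epsi ... &` followed by an empty redirected command, so ps2epsi is backgrounded and `cat` can run before the output exists.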

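A hardened form of the wrapper discussed in this report, written here as an added example rather than Inkscape's or Javier's code: the hardcoded /tmp path is replaced by mktemp with no predictable fallback, the temp file is removed on every exit path, and the redirection is POSIX. The CONVERTER variable is an assumption so the converter can be swapped for a stand-in when testing; the real extension calls ps2epsi directly.

```shell
#!/bin/sh
# Hardened ps2epsi wrapper (added example, not Inkscape's ps2epsi.sh).
# Compared with TEMPFILENAME=/tmp/tmpepsifile.epsi it:
#   * takes the temp file only from mktemp and fails if that fails, instead
#     of falling back to a fixed name such as "$TMPDIR/tmpdiafile.svg";
#   * removes the temp file on normal exit, error and signal;
#   * quotes every expansion and uses POSIX "2>/dev/null" rather than the
#     bash-only "&>", which /bin/sh would read as a background "&".

# Assumption for this example: the converter command is overridable.
: "${CONVERTER:=ps2epsi}"

# secure_tmpfile: print the path of a freshly created, unpredictable,
# mode-0600 file under ${TMPDIR:-/tmp}; no fallback name on failure.
secure_tmpfile() {
    mktemp "${TMPDIR:-/tmp}/inkscape-ps2epsi.XXXXXX" || return 1
}

# convert_to_epsi FILE: convert FILE with $CONVERTER through a private
# temp file and write the result to stdout. The body is a subshell so the
# EXIT trap fires when the function returns, not when the script ends.
convert_to_epsi() (
    src="$1"
    tmp=$(secure_tmpfile) || { echo "ps2epsi.sh: cannot create temp file" >&2; exit 1; }
    trap 'rm -f "$tmp"' EXIT HUP INT TERM
    "$CONVERTER" "$src" "$tmp" 2>/dev/null || exit 1
    cat "$tmp"
)

# Behave like the original extension when run directly with a file argument.
if [ "$#" -gt 0 ]; then
    convert_to_epsi "$1"
fi
```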

