Nikolaus Schulz wrote:
> Package: libid3-3.8.3c2a
> Version: 3.8.3-6
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
>
> when tagging file $foo, a temporary copy of the file is created, and for some
> reason, libid3 doesn't use mkstemp but just creates $foo.XXXXXX literally,
> without any checking.
> This would silently truncate and overwrite an existing $foo.XXXXXX.

Please use CVE-2007-3912 for this.

Robert, please mention this id in the changelog when you upload a new package
(i.e. edit the current changelog entry when you're doing another upload anyway).

Regards,

Joey

--
Those who don't understand Unix are condemned to reinvent it, poorly.

Please always Cc to me when replying to me on the lists.
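
The behaviour the report describes, next to the mkstemp() form it names, as an added example that is not part of the original messages and is not libid3's code. The function names, the song.mp3 file name and the scratch directory under /tmp are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* As reported: the template is used as a literal file name, so an
 * existing "<path>.XXXXXX" is opened and truncated. */
static int open_literal_template(const char *path, char *out, size_t n)
{
    if (snprintf(out, n, "%s.XXXXXX", path) >= (int)n) return -1;
    FILE *f = fopen(out, "w");   /* "w" truncates an existing file */
    if (!f) return -1;
    return fclose(f);
}

/* Hardened form: mkstemp() replaces the X's with a unique suffix and
 * creates the file with O_CREAT|O_EXCL, so it never reuses a name. */
static int open_with_mkstemp(const char *path, char *out, size_t n)
{
    if (snprintf(out, n, "%s.XXXXXX", path) >= (int)n) return -1;
    int fd = mkstemp(out);       /* rewrites out in place */
    if (fd < 0) return -1;
    return close(fd);
}

/* Constructed scenario: "<dir>/song.mp3.XXXXXX" already exists and holds
 * 4 bytes. Returns its size after the chosen routine ran, or -1 on error. */
static long size_after(int use_mkstemp)
{
    char dir[] = "/tmp/id3demoXXXXXX", base[64], victim[64], tmp[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(base, sizeof base, "%s/song.mp3", dir);
    snprintf(victim, sizeof victim, "%s.XXXXXX", base);
    FILE *f = fopen(victim, "w");
    if (f) { fputs("keep", f); fclose(f); }
    int rc = use_mkstemp ? open_with_mkstemp(base, tmp, sizeof tmp)
                         : open_literal_template(base, tmp, sizeof tmp);
    if (f && rc == 0 && stat(victim, &st) == 0) size = (long)st.st_size;
    if (rc == 0) unlink(tmp);    /* in the literal case tmp is the victim */
    unlink(victim);
    rmdir(dir);
    return size;
}
int main(void)
{
    printf("literal: %ld bytes, mkstemp: %ld bytes\n", size_after(0), size_after(1));
}
```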