Hi, the DSA text is indeed incorrect; this is unfixed in sid. Attached is the patch from the DSA.
Cheers, Moritz
diff -u graphviz-2.2.1/debian/changelog graphviz-2.2.1/debian/changelog --- graphviz-2.2.1/debian/changelog +++ graphviz-2.2.1/debian/changelog @@ -1,3 +1,11 @@ +graphviz (2.2.1-1sarge1) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Applied upstream patch to fix insecure temporary file creation + [dotty/dotty.lefty, CAN-2005-2965] + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 30 Sep 2005 14:00:46 +0200 + graphviz (2.2.1-1) unstable; urgency=low * New Upstream Version only in patch2: unchanged: --- graphviz-2.2.1.orig/dotty/dotty.lefty +++ graphviz-2.2.1/dotty/dotty.lefty @@ -668,7 +668,10 @@ if (~(otype = ask ('print to', 'choice', 'file|printer'))) return; if (otype == 'printer') { - name = '/tmp/dottyout.ps'; + if (~getenv ('TMPDIR')) + name = concat (getenv ('HOME'), '/.dottyout.ps'); + else + name = concat (getenv ('TMPDIR'), '/.dottyout.ps', random (10000)); if (getenv ('LEFTYWINSYS') ~= 'mswin' & ~pr) if (~(pr = ask ('printer command', 'string', 'lpr'))) return; @@ -768,5 +771,5 @@ vt.canvas = canvas; destroywidget (pscanvas); if (otype == 'printer' & getenv ('LEFTYWINSYS') ~= 'mswin') - system (concat (pr, ' /tmp/dottyout.ps; rm /tmp/dottyout.ps')); + system (concat (pr, ' ', name, '; rm ',name)); };
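Review bot: in the debian/changelog hunk, the entry cites only CAN-2005-2965 and does not name the DSA it was issued under; since the covering mail is about the DSA text being wrong, adding the advisory reference beside the CAN id would let readers match this sarge1 upload to the advisory it implements.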
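Review bot: in the dotty.lefty hunk at line 668, the TMPDIR branch still produces a guessable name: random (10000) yields at most 10000 candidate paths under a directory that may be shared, and nothing in this hunk checks that the chosen path does not already exist or is not a symlink before it is handed to the print code, so an attacker who can pre-create files in $TMPDIR still has a race to play. The HOME branch keeps a single fixed name, $HOME/.dottyout.ps, which is only safe when $HOME is not writable by others; and if HOME is unset, concat (getenv ('HOME'), '/.dottyout.ps') is evaluated with no fallback, so guard that case explicitly. As a style point, the random suffix is appended after the extension (…/.dottyout.ps1234); building the name as concat (getenv ('TMPDIR'), '/.dottyout', random (10000), '.ps') keeps the .ps ending intact.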
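Review bot: in the dotty.lefty hunk at line 771, name is spliced into the shell command unquoted in system (concat (pr, ' ', name, '; rm ', name)). Now that name is derived from $TMPDIR or $HOME, a value containing spaces or shell metacharacters breaks the command or runs extra ones; this happens in the user's own context, so it is not a privilege boundary, but it is an injection surface the old fixed /tmp path did not have. Single-quote name in both places (or avoid the shell for the rm entirely). Also confirm that name, assigned inside the if (otype == 'printer') block around line 668, is still in scope here, since this hunk uses it without re-deriving it.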