Hola Nico Golde! El 30/11/2008 a las 10:44 escribiste: > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for tkman some time ago.
> CVE-2008-5137[0]: > | tkman in tkman 2.2 allows local users to overwrite arbitrary files via > | a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary > | file. > Unfortunately the vulnerability described above is not important enough > to get it fixed via regular security update in Debian stable. It does > not warrant a DSA. > However it would be nice if this could get fixed via a regular point > update[1]. > Please contact the release team for this. > This is an automatically generated mail, in case you are already working on an > upgrade this is of course pointless. > For further information: > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5137 > [1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable I've just uploaded a patched version (2.2-4), I'll be happy if someone reviews the patch. -- A computer scientist is someone who, when told to "Go to Hell," sees the "go to," rather than the destination, as harmful. Saludos /\/\ /\ >< `/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
