gource (0.23-1ubuntu0.1) lucid-security; urgency=high
* SECURITY UPDATE: Gource uses a predictable temporary filename,
enabling a malicious co-user to overwrite an arbitrary file via a
symlink attack. (LP: #564373)
- src/commitlog.cpp: changed createTempLog() to create the temp file
using mkstemp().
Date: Fri, 16 Apr 2010 13:54:44 +1200
Changed-By: Andrew Caudwell <[email protected]>
Maintainer: Ubuntu MOTU Developers <[email protected]>
https://launchpad.net/ubuntu/lucid/+source/gource/0.23-1ubuntu0.1
Format: 1.8
Date: Fri, 16 Apr 2010 13:54:44 +1200
Source: gource
Binary: gource
Architecture: source
Version: 0.23-1ubuntu0.1
Distribution: lucid-security
Urgency: high
Maintainer: Ubuntu MOTU Developers <[email protected]>
Changed-By: Andrew Caudwell <[email protected]>
Description:
gource - graphical source control visualisation
Launchpad-Bugs-Fixed: 564373
Changes:
gource (0.23-1ubuntu0.1) lucid-security; urgency=high
.
* SECURITY UPDATE: Gource uses a predictable temporary filename,
enabling a malicious co-user to overwrite an arbitrary file via a
symlink attack. (LP: #564373)
- src/commitlog.cpp: changed createTempLog() to create the temp file
using mkstemp().
Checksums-Sha1:
6f5a4fc7e83eae0a097056b6a7a14da77d91642f 1360 gource_0.23-1ubuntu0.1.dsc
8025c6c81cab9699f15090c47bbaf0686abccb3c 3463 gource_0.23-1ubuntu0.1.diff.gz
Checksums-Sha256:
166bfe15fd09b2b358d86c4ce02974ee607ad0cde3eb114a55c2b6da0d1d6e26 1360
gource_0.23-1ubuntu0.1.dsc
5b30a8f049c2428b76da4f835222bdd07d32c684e45698f15b16e648f9c15b70 3463
gource_0.23-1ubuntu0.1.diff.gz
Files:
8e652504275332912cb17b6334ede13c 1360 vcs extra gource_0.23-1ubuntu0.1.dsc
abf870ec889341295d241e41cb1255bf 3463 vcs extra gource_0.23-1ubuntu0.1.diff.gz
Original-Maintainer: Andrew Caudwell <[email protected]>
--
Lucid-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
