Package: gpsdrive
Version: 2.09-2.1
Severity: important
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for 
gpsdrive.

CVE-2008-5380[1]:
> gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite
> arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b)
> /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary
> file, related to the (1) geo-code and (2) geo-nearest scripts, different
> vectors than CVE-2008-4959.

If you fix the vulnerability please also make sure to include the CVE id in 
the changelog entry.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5380
     http://security-tracker.debian.net/tracker/CVE-2008-5380

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Pkg-grass-devel mailing list
Pkg-grass-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel

Reply via email to