Bug#508595: CVE-2008-5380: allows local users to overwrite arbitrary files via a symlink attack

2009-07-19 Thread Hamish
fyi, this is fixed in the latest release: 2.10pre7. these scripts are no longer shipped. Hamish

Bug#508595: [DebianGIS-dev] Bug#508595: CVE-2008-5380: allows local users to overwrite arbitrary files via a symlink attack

2008-12-18 Thread Francesco P. Lovergine
On Wed, Dec 17, 2008 at 10:29:10AM +0100, Tomas Hoger wrote:

Hi Hamish!

It seems that upstream fix for this issue is far from being ideal.

    TMP=`tempfile -d /tmp -p geo. -s .code`
    [...]

so calling this fixed-upstream and hoping that tempfile is somewhat portable beyond Debian.

Bug#508595: CVE-2008-5380: allows local users to overwrite arbitrary files via a symlink attack

2008-12-17 Thread Tomas Hoger
Hi Hamish!

It seems that upstream fix for this issue is far from being ideal.

    TMP=`tempfile -d /tmp -p geo. -s .code`
    [...]

so calling this fixed-upstream and hoping that tempfile is somewhat portable beyond Debian.

Any particular reason for using Debian-specific tempfile, instead of

Bug#508595: CVE-2008-5380: allows local users to overwrite arbitrary files via a symlink attack

2008-12-17 Thread Hamish
Tomas Hoger wrote:

It seems that upstream fix for this issue is far from being ideal.

    TMP=`tempfile -d /tmp -p geo. -s .code`
    [...]

so calling this fixed-upstream and hoping that tempfile is somewhat portable beyond Debian.

Any particular reason for using Debian-specific

Bug#508595: CVE-2008-5380: allows local users to overwrite arbitrary files via a symlink attack

2008-12-16 Thread Hamish
geo-code, geo-nearest, and gpssmswatch scripts updated in upstream SVN to use a method similar to:

    TMP=`tempfile -p geo.`
    if [ $? -ne 0 ] || [ -z "$TMP" ] ; then
        echo "ERROR: Unable to create temporary files" 1>&2
        exit 1
    fi

so calling this fixed-upstream and hoping that tempfile is somewhat

Bug#508595: CVE-2008-5380: allows local users to overwrite arbitrary files via a symlink attack

2008-12-16 Thread Hamish
note these helper scripts are not a core part of running the program.

    $ grep /tmp/ *
    geo-code:TMP=/tmp/geo$$
    geo-code: cp $COORDS /tmp/geo.google
    geo-code:filter=tee /tmp/geo.yahoo
    geo-code: cp $COORDS /tmp/geo.coords
    geo-nearest:TMP=/tmp/geo
    geo-nearest:

Bug#508595: CVE-2008-5380: allows local users to overwrite arbitrary files via a symlink attack

2008-12-12 Thread Raphael Geissert
Package: gpsdrive
Version: 2.09-2.1
Severity: important
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for gpsdrive.

CVE-2008-5380[1]: gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an