On Mon, 31 Mar 2008 14:52:50 +0200
Nico Golde [EMAIL PROTECTED] wrote:
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2008-01-27 20:32]:
Completely predictable filenames and chmodding after creation open this up
for symlink attack.
I just had a look at this issue and can not confirm what you
Hi,
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2008-01-27 20:32]:
/usr/bin/comix, line 10494:
# ===
# Create the temporary directory used in this Comix session.
# The dir is /tmp/comix/num where num is 1 or higher
Package: comix
Version: 3.6.4-1
Severity: grave
Justification: user security hole
Tags: security
*** Please type your report below this line ***
/usr/bin/comix, line 10494:
# ===
# Create the temporary directory used in this
Same issue for /usr/bin/comicthumb, although reading the code, I
believe the temporary directory is only used for archives-inside-
archives.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
4 matches
Mail list logo
