Package: didjvu
Tags: security upstream fixed-upstream
Forwarded: https://bitbucket.org/jwilk/didjvu/issue/8
To create an IW44 layer, didjvu:
* creates a unique temporary file directly in /tmp (or in $TMPDIR)
* passes name of this file to c44(1) as the output file name
Unfortunately, c44 deletes the output file, and then creates a new one
under the same name (without O_EXCL). This opens a race window, during
which malicious local user could create their own file under this name.
This bug was fixed upstream in didjvu 0.4:
https://bitbucket.org/jwilk/didjvu/commits/c975bca6dfc6
CVE request:
http://www.openwall.com/lists/oss-security/2015/05/09/7
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org