This bug was fixed in the package pyro - 1:3.9.1-2ubuntu1
---------------
pyro (1:3.9.1-2ubuntu1) oneiric; urgency=low
* SECURITY UPDATE: arbitrary file overwriting via symlink (LP: #830742)
- store pidfile in /var/run instead of /tmp
- Pyro/ext/daemonizer.py changed default location to /var/run
- Pyro/ext/daemonizer.py added command-line parameter (--pidfile=...) to
override default pidfile location
- default location for pidfile is tunable via /etc/default/pyro-nsd
- CVE-2011-2765
-- Gustavo Goretkin <[email protected]> Mon, 22 Aug 2011 21:28:26
-0400
** Changed in: pyro (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/830742
Title:
pidfile in /tmp, opened insecurely
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pyro/+bug/830742/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
