Public bug reported:

Binary package hint: lookup-el

References:
[1] GLSA 200712-07 (http://www.gentoo.org/security/en/glsa/glsa-200712-07.xml)
[2] Gentoo Bug 197306 (http://bugs.gentoo.org/show_bug.cgi?id=197306)
[3] DSA-1269-1 (http://www.debian.org/security/2007/dsa-1269)

Quoting [2]:
"Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files."

Quite old and already fixed in Debian since March, but only recently reported at Gentoo, so I thought I might report it here, also. Maybe applies for the older Ubuntu releases.

** Affects: lookup-el (Ubuntu)
   Importance: Undecided
   Status: New

** Affects: lookup-el (Gentoo Linux)
   Importance: Unknown
   Status: Unknown

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-0237

** Bug watch added: Gentoo Bugzilla #197306
   http://bugs.gentoo.org/show_bug.cgi?id=197306

** Also affects: lookup-el (Gentoo Linux) via
   http://bugs.gentoo.org/show_bug.cgi?id=197306
   Importance: Unknown
   Status: Unknown

--
[lookup-el] [CVE-2007-0237] possible local symlink attack
https://bugs.launchpad.net/bugs/176931
