Public bug reported:
Binary package hint: comix
This sync fixes several security issues.
comix (3.6.4-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Apply patch by Mamoru Tasaka to fix arbitrary code execution
    via crafted file names because of passing the filename directly
    to string concatenation used in os.popen (CVE-2008-1568; Closes: #462840).
  * Apply patch by Mamoru Tasaka to use tempfile.mkdtemp() to enable comix
    for multi-user environments and thus prevent a race condition in /tmp
    without a real security impact (Closes: #462836).

 -- Nico Golde <[EMAIL PROTECTED]>  Thu, 03 Apr 2008 00:49:49 +0200

** Affects: comix (Ubuntu)
Importance: Undecided
Status: New
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1568
--
Please sync comix 3.6.4-1.1 from Debian(Unstable)
https://bugs.launchpad.net/bugs/212215
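
The two changes named in the changelog, as an added Python example (not comix's code and not the Debian patch): a file name concatenated into an os.popen command string next to an argument-vector call, and a tempfile.mkdtemp() working directory. `echo` stands in for the external program comix would run; the function names and the sample file name are constructed for illustration.

```python
import os
import stat
import subprocess
import tempfile

# Constructed file name containing a shell metacharacter (harmless: it only echoes).
SAMPLE = "issue1.cbz; echo SECOND-COMMAND"


def run_unsafe(filename):
    # Pattern described in the changelog: the name becomes part of a shell
    # command line, so /bin/sh interprets any metacharacters it contains.
    with os.popen("echo " + filename) as pipe:
        return pipe.read().splitlines()


def run_safe(filename):
    # Argument vector and no shell: the name reaches the program as a single
    # argument, whatever characters it contains.
    result = subprocess.run(
        ["echo", filename], capture_output=True, text=True, check=True
    )
    return result.stdout.splitlines()


def make_workdir():
    # tempfile.mkdtemp() creates a uniquely named directory readable and
    # writable only by the calling user, instead of a fixed path under /tmp
    # that several users (or another process) could race for.
    return tempfile.mkdtemp(prefix="comix-example.")


if __name__ == "__main__":
    print("popen + concatenation:", run_unsafe(SAMPLE))
    print("argument list:        ", run_safe(SAMPLE))
    workdir = make_workdir()
    mode = stat.S_IMODE(os.stat(workdir).st_mode)
    print("work directory:", workdir, oct(mode))
    os.rmdir(workdir)
```

With the concatenated form the shell runs two commands; with the argument list the whole name is passed through as data.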