Date: Wed, 1 Oct 2008 15:48:43 +0200 From: Gerfried Fuchs <rhonda@....at> To: oss-security@...ts.openwall.com Subject: CVE id request: sabre Hello! There is a tmp file symlink attack pattern in the sabre run scripts introduced by a Debian patch to them. Given that one of the binaries has to be run as root due to svgalib requirements this might lead to overwriting root-owned files in certain use cases. Debian Bugreport: <http://bugs.debian.org/433996> Patch is currently in the works so I can't offer it yet. Could I please get a CVE id for it? Thanks in advance, Rhonda
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ