Date: Wed, 1 Oct 2008 15:48:43 +0200 From: Gerfried Fuchs <rhonda@....at> To: oss-security@...ts.openwall.com Subject: CVE id request: sabre Hello! There is a tmp file symlink attack pattern in the sabre run scripts introduced by a Debian patch to them. Given that one of the binaries has to be run as root due to svgalib requirements this might lead to overwriting root-owned files in certain use cases. Debian Bugreport: <http://bugs.debian.org/433996> Patch is currently in the works so I can't offer it yet. Could I please get a CVE id for it? Thanks in advance, Rhonda
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.