Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 1 Oct 2008 15:48:43 +0200
From: Gerfried Fuchs <>
Subject: CVE id request: sabre


 There is a tmp file symlink attack pattern in the sabre run scripts
introduced by a Debian patch to them. Given that one of the binaries has
to be run as root due to svgalib requirements this might lead to
overwriting root-owned files in certain use cases.

Debian Bugreport: <>

Patch is currently in the works so I can't offer it yet.

 Could I please get a CVE id for it?

 Thanks in advance,

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.