Package: netdisco-mibs-installer
Severity: grave
Tags: security
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for netdisco-mibs-installer.

CVE-2008-5379[0]:
| netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary
| files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz
| temporary file, related to the (1) netdisco-mibs-install and (2)
| netdisco-mibs-download scripts.

The best way is to use mktemp in shell scripts, which should work for
this package too.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5379
    http://security-tracker.debian.net/tracker/CVE-2008-5379
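
The mktemp suggestion in the report above, shown as an added example that is not part of the original message or of the package's scripts: it contrasts writing to a fixed name in a shared directory with writing into a directory created by `mktemp -d`. The function names, the sandbox layout and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. All paths live in a private sandbox, not the real /tmp.
# Function names and the sandbox layout are assumptions for illustration.

# Weak pattern: fixed, guessable file name in a shared directory.
# If that name already exists as a symlink, the write follows the link.
write_fixed_name() {
    cat "$2" > "$1/netdisco-mibs-0.6.tar.gz"
}

# Hardened pattern: mktemp -d creates a new mode-0700 directory with an
# unpredictable name and fails rather than reuse an existing entry.
write_with_mktemp() {
    workdir=$(mktemp -d "$1/netdisco-mibs.XXXXXX") || return 1
    cat "$2" > "$workdir/netdisco-mibs-0.6.tar.gz" || return 1
    printf '%s\n' "$workdir"
}

# Constructed scenario: a link with the guessable name already points at
# a file the script's user can write to.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared"
    echo "important data" > "$sandbox/victim"
    echo "tarball bytes" > "$sandbox/payload"
    ln -s "$sandbox/victim" "$sandbox/shared/netdisco-mibs-0.6.tar.gz"

    write_fixed_name "$sandbox/shared" "$sandbox/payload"
    fixed_result=$(cat "$sandbox/victim")        # victim was overwritten

    echo "important data" > "$sandbox/victim"    # reset, link still in place
    private=$(write_with_mktemp "$sandbox/shared" "$sandbox/payload") ||
        { rm -rf "$sandbox"; return 1; }
    mktemp_result=$(cat "$sandbox/victim")       # victim untouched
    perms=$(ls -ld "$private" | cut -c1-10)

    rm -rf "$sandbox"
    printf 'fixed=%s|mktemp=%s|perms=%s\n' "$fixed_result" "$mktemp_result" "$perms"
}

demo
```

In a real script the directory returned by mktemp should also be removed on exit, for example with `trap 'rm -rf "$workdir"' EXIT`.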