Nikolaus Schulz wrote:
> Package: libid3-3.8.3c2a
> Version: 3.8.3-6
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
>
> when tagging file $foo, a temporary copy of the file is created, and for some
> reason, libid3 doesn't use mkstemp but just creates $foo.XXXXXX literally,
> without any checking.
> This would silently truncate and overwrite an existing $foo.XXXXXX.

Please use CVE-2007-3912 for this.

Robert, please mention this id in the changelog when you upload a
new package (i.e. edit the current changelog entry when you're doing
another upload anyway).

Regards,

Joey

--
Those who don't understand Unix are condemned to reinvent it, poorly.
Please always Cc to me when replying to me on the lists.
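
The overwrite described in the quoted report, next to the mkstemp() form, as an added example that is not part of the original thread and is not libid3's code. The function names, the /tmp scratch directory and the file name song.mp3 are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* exposes mkstemp() and mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Model of the reported behaviour (hypothetical helper): "<file>.XXXXXX" is
 * used literally as the path and opened with truncation, no existence check. */
static int open_literal(const char *file, char *tmp, size_t n) {
    snprintf(tmp, n, "%s.XXXXXX", file);
    return open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form (hypothetical helper): mkstemp() replaces the X's with a
 * unique suffix and creates the file exclusively, with mode 0600. */
static int open_mkstemp(const char *file, char *tmp, size_t n) {
    snprintf(tmp, n, "%s.XXXXXX", file);
    return mkstemp(tmp);
}

/* Constructed scenario: a file named "<file>.XXXXXX" already exists.
 * Returns its size after the temp copy is opened, or -2 on setup failure. */
off_t victim_size_after(int use_mkstemp) {
    char dir[] = "/tmp/id3demo.XXXXXX", file[64], victim[80], tmp[80];
    struct stat st;
    if (!mkdtemp(dir)) return -2;
    snprintf(file, sizeof file, "%s/song.mp3", dir);
    snprintf(victim, sizeof victim, "%s.XXXXXX", file);
    FILE *f = fopen(victim, "w");
    if (!f) return -2;
    fputs("existing data", f);            /* 13 bytes of constructed content */
    fclose(f);
    int fd = use_mkstemp ? open_mkstemp(file, tmp, sizeof tmp)
                         : open_literal(file, tmp, sizeof tmp);
    off_t sz = stat(victim, &st) == 0 ? st.st_size : -1;
    if (fd >= 0) { close(fd); unlink(tmp); }
    unlink(victim); rmdir(dir);           /* clean up the scratch directory */
    return fd < 0 ? -2 : sz;
}

int main(void) {
    printf("literal template: %ld bytes left\n", (long)victim_size_after(0));
    printf("mkstemp:          %ld bytes left\n", (long)victim_size_after(1));
    return 0;
}
```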