[SECURITY] [DSA-323-1] New noweb packages fix insecure temporary file creation From: Matt Zimmerman <mdz@debian.org> To: debian-security-announce@lists.debian.org Date: Today 04.07.00 Message was signed with unknown key 0x43E25D1E. The validity of the signature cannot be verified. -------------------------------------------------------------------------- Debian Security Advisory DSA 323-1 security@debian.org http://www.debian.org/security/ Matt Zimmerman June 16th, 2003 http://www.debian.org/security/faq -------------------------------------------------------------------------- Package : noweb Vulnerability : insecure temporary files Problem-Type : local Debian-specific: no CVE Id : CAN-2003-0381 Jakob Lell discovered a bug in the 'noroff' script included in noweb whereby a temporary file was created insecurely. During a review, several other instances of this problem were found and fixed. Any of these bugs could be exploited by a local user to overwrite arbitrary files owned by the user invoking the script.
glsa sent