CVE-2008-4952 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4952): emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file.
DEBIAN: http://bugs.debian.org/496428
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/emacs-jabber
Sorry, I don't follow. The string "tmp" doesn't even occur in the source code:

emacs-jabber-0.7.1 $ find . -type f | xargs grep -i tmp
emacs-jabber-0.7.1 $

So can you please elaborate what is the problem here?
Very much looks like the problem is in Debian's build script. Can somebody confirm? We can close this as INVALID then.
A CVE got assigned, and I was copying info from rbu's bug where we collected all the info. It's a Debian-specific bug. I'm sorry for wasting our time. :/