Comment 1 Carsten Lohrke (RETIRED) 2005-12-27 11:24:52 UTC

from DSA 927-1:

Package        : tkdiff
Vulnerability  : insecure temporary file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2005-3343

Javier Fernández-Sanguino Peña from the Debian Security Audit project
discovered that tkdiff, a graphical side by side "diff" utility,
creates temporary files in an insecure fashion.

[...]

patch: http://security.debian.org/pool/updates/main/t/tkdiff/tkdiff_4.0.2-1sarge0.diff.gz

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) 2005-12-27 12:14:32 UTC

tcltk please advise and update ebuild as necessary.

Comment 3 Thierry Carrez (RETIRED) 2005-12-30 04:57:24 UTC

TCL/Tk herd, please patch.

Comment 4 MATSUU Takuto (RETIRED) 2006-01-08 06:49:35 UTC

Added tk-4.1.1 in cvs and removed tk-4.0.2.

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) 2006-01-08 08:48:31 UTC

B rating apparently an error, as there appears to be no stable version of this package. Closing without GLSA.