diff -u cscope-15.3/debian/changelog cscope-15.3/debian/changelog
--- cscope-15.3/debian/changelog
+++ cscope-15.3/debian/changelog
@@ -1,3 +1,11 @@
+cscope (15.3-1woody2) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Applied adjusted patch by Gerardo Di Giacomo to fix insecure temporary
+ file creation [src/main.c, CAN-2004-0996]
+
+ -- Martin Schulze Wed, 24 Nov 2004 20:42:14 +0100
+
 cscope (15.3-1) unstable; urgency=low

 * New upstream release. (Thanks to GOTO Masanori for the notification).
only in patch2:
unchanged:
--- cscope-15.3.orig/src/main.c
+++ cscope-15.3/src/main.c
@@ -336,9 +336,32 @@
 }

 /* create the temporary file names */
- pid = getpid();
- (void) sprintf(temp1, "%s/cscope%d.1", tmpdir, pid);
- (void) sprintf(temp2, "%s/cscope%d.2", tmpdir, pid);
+ do {
+ char *tempfile = tempnam(tmpdir, "cscope1");
+ if (!tempfile) {
+ fprintf (stderr, "Can't create tempfile\n");
+ exit(1);
+ }
+ if (strlen(tempfile) >= sizeof(temp1)) {
+ fprintf (stderr, "TMPDIR path is too long\n");
+ exit(1);
+ }
+ strncpy (temp1, tempfile, sizeof (temp1));
+ free (tempfile);
+ } while (open (temp1, O_CREAT|O_EXCL|O_WRONLY, S_IREAD|S_IWRITE) < 0);
+ do {
+ char *tempfile = tempnam(tmpdir, "cscope2");
+ if (!tempfile) {
+ fprintf (stderr, "Can't create tempfile\n");
+ exit(1);
+ }
+ if (strlen(tempfile) >= sizeof(temp2)) {
+ fprintf (stderr, "TMPDIR path is too long\n");
+ exit(1);
+ }
+ strncpy (temp2, tempfile, sizeof (temp2));
+ free (tempfile);
+ } while (open (temp2, O_CREAT|O_EXCL|O_WRONLY, S_IREAD|S_IWRITE) < 0);

 /* if running in the foreground */
 if (signal(SIGINT, SIG_IGN) != SIG_IGN) {
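Review bot: Both `do { … } while (open (...) < 0)` loops in src/main.c retry on every open() failure rather than only on a name collision, so a temporary directory that is unwritable, full or read-only makes cscope spin forever instead of exiting with an error. The descriptor returned by the successful open() is also never stored or closed, so each loop leaks one descriptor. I would keep the result in a local, retry only while `errno == EEXIST`, and close the descriptor once the name is reserved, as sketched below for temp1 (the temp2 loop is the same); `S_IRUSR|S_IWUSR` are the POSIX spellings of the mode bits. The enclosing function starts and ends outside the hunk, so the `int tmpfd` declaration and whether `<errno.h>` is already included have to be checked there, as does how temp1/temp2 are reopened later, since reopening by name relies on the directory not letting another user replace the file.

```c
	/* create the temporary file names */
	do {
		/* … unchanged: tempnam() call, NULL and length checks, copy into temp1, free … */
		tmpfd = open(temp1, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
		if (tmpfd < 0 && errno != EEXIST) {
			/* anything but a name collision will not be cured by retrying */
			perror(temp1);
			exit(1);
		}
	} while (tmpfd < 0);
	/* assumes temp1 is reopened by name later (not visible in this hunk) */
	(void) close(tmpfd);
	/* … temp2 loop: same change … */
```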