CVE-2008-3928 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3928): test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on temporary files.
I've commited honeyd-1.5c-r1 which should fix this issue. The patch was taken from debian and basically it makes test.sh use /var/log instead of /tmp for log files. Please review and CC arch teams if everything is correct.
Arches, please test and mark stable: =net-analyzer/honeyd-1.5c-r1 Target keywords : "amd64 sparc x86"
amd64/x86 stable
sparc stable, closing
D'oh, sorry
time for glsa decision, I vote yes.
YES too, request filed.
GLSA 200812-12, thanks everyone, sorry about the "delay".