CVE-2008-5136 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5136): tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file.
It's using "#!/usr/bin/wish" I guess this is the line: file delete /tmp/tkusr.pgm
tk, does anyone in your camp have the tk programming power to contribute a patch?
Upstream seems dead, URL in package description is offline, package is maintainer-needed...this seems to be a canidate for removal. tcltk: could you advice?
# Víctor Ostorga <vostorga@gentoo.org> (07 Nov 2009) Upstream dead, URL in package description is offline, security vulerability CVE-2008-5136 net-misc/tkusr
GLSA vote: NO.
NO, too.
Treecleaned. Security: your turn now :]
Closing noglsa.