Package: hugin
Version: 0.6.1-1
Severity: important
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for hugin.

CVE-2007-5200[0]:
| hugin in SUSE openSUSE 10.2 and 10.3 allows local users to overwrite
| arbitrary files via a symlink attack on a temporary file.

If you fix this vulnerability please also include the CVE id in your changelog entry.

What SuSE did is just to delete the debug output to the tmp file:

--- src/Panorama/PTOptimise.cpp +++ src/Panorama/PTOptimise.cpp @@ -36,9 +36,6 @@ #include <boost/property_map.hpp> #include <boost/graph/graph_utility.hpp> -#define DEBUG_WRITE_OPTIM_OUTPUT -#define DEBUG_WRITE_OPTIM_OUTPUT_FILE "hugin_debug_optim_results.txt" - using namespace std; using namespace PT; using namespace PTools; @@ -132,13 +129,6 @@ RunLMOptimizer( &opt ); ainf.data = opt.message; // get results from align info. -#ifdef DEBUG_WRITE_OPTIM_OUTPUT - fullPath path; - StringtoFullPath(&path, DEBUG_WRITE_OPTIM_OUTPUT_FILE ); - - ainf.data = opt.message; - WriteResults( script, &path, &ainf, distSquared, 0); -#endif pano.updateVariables(GetAlignInfoVariables(ainf) ); pano.updateCtrlPointErrors( GetAlignInfoCtrlPoints(ainf) ); }

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5200

Kind regards
Nico

--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
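
Review bot: in the first hunk of src/Panorama/PTOptimise.cpp, the removed `#define DEBUG_WRITE_OPTIM_OUTPUT` has no surrounding guard in the visible context, so the debug write was built into every binary rather than only debug builds; the changelog entry should say that and cite CVE-2007-5200 as requested above. The patch touches only this one file, so the tree should also be searched for other references to DEBUG_WRITE_OPTIM_OUTPUT_FILE and for similar fixed-name debug output before the bug is closed.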
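
Review bot: if developers still need the optimizer dump that the second hunk drops after RunLMOptimizer( &opt ), it should come back only behind a build option that is off by default, writing to a file created exclusively in a user-owned directory instead of the predictable name "hugin_debug_optim_results.txt". The removed block repeated `ainf.data = opt.message;`, and the copy kept just above it means pano.updateVariables() and pano.updateCtrlPointErrors() receive the same data as before, so no functional change is expected beyond the missing file.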