Package: sdm-terminal
Severity: minor

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for sdm-terminal.

CVE-2008-5372[0]:
| sdm-login in sdm-terminal 0.4.0b allows local users to overwrite
| arbitrary files via a symlink attack on the /tmp/sdm.autologin.once
| temporary file.

I can only see that there is a touch call on the symlink, but no
redirect or anything. Anyway, please check whether this can be done
without a fixed filename under /tmp, just in case you use it for
different things in the future.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5372
    http://security-tracker.debian.net/tracker/CVE-2008-5372
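Added example, not part of the original report or of sdm-terminal's code: the touch-on-a-fixed-name pattern from the CVE description next to one way to create the flag without a fixed filename directly in a shared directory. The function names, the sdm-state directory and the scratch directory are assumptions made for illustration; everything runs inside a throwaway mktemp directory.

```sh
#!/bin/sh
# Constructed demo; all paths live in a scratch directory, not in /tmp itself.

# Pattern from the CVE description: touch on a fixed name in a shared
# directory. touch follows symlinks, so a link that already sits at that
# name decides which file is created or has its timestamps changed.
flag_create_unsafe() {    # $1 = shared directory
    touch "$1/sdm.autologin.once"
}

# Hardened variant (an assumption, not the package's actual fix): keep the
# flag inside a private 0700 subdirectory. mkdir fails with EEXIST on any
# existing name, including a symlink, and never follows it.
flag_create_safe() {      # $1 = shared directory
    d="$1/sdm-state"
    if ! mkdir -m 700 "$d" 2>/dev/null; then
        # Reuse the path only if it is a real directory owned by us.
        [ ! -L "$d" ] && [ -d "$d" ] && [ -O "$d" ] || return 1
    fi
    touch "$d/autologin.once"
}

demo() {
    shared=$(mktemp -d) || return 1
    victim="$shared/victim-file"      # stands in for a file the caller may write
    # Links already present before the login script runs (constructed).
    ln -s "$victim" "$shared/sdm.autologin.once"
    ln -s "$victim" "$shared/sdm-state"

    flag_create_unsafe "$shared"
    [ -e "$victim" ] && unsafe=followed || unsafe=ok
    rm -f "$victim"

    if flag_create_safe "$shared"; then safe=created; else safe=refused; fi
    [ -e "$victim" ] && safe=followed

    rm -rf "$shared"
    echo "unsafe=$unsafe safe=$safe"
}

demo
```

On a real system the private directory would normally sit under a location that only the service account can write, so the existence check is never racing another user.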

