On snein 27 Septimber 2009, Paul Wise wrote: > Package: merkaartor > Version: 0.14+svnfixes~20090912-1 > Severity: important > Tags: security > > Found a minor symlink attack in merkaartor. It allows a local attacker > to append the contents of the merkaartor log file to arbitrary files > owned by the user running merkaartor.
Thanks for reporting. Some observations: * applies to squeeze/sid but not lenny. * merkaartor does not run as root so this is not a critical issue. Uploading a fix to sid (and bpo?), perhaps with bumped urgency, would clear the issue. cheers, Thijs
signature.asc
Description: This is a digitally signed message part.

