Package: lha
Severity: grave
Tags: security
Justification: user security hole

Hi

There is a CVE[0] issued against lha. It also leads to a patch[1], which
apparently fixes the problem. Could you please investigate this?
The CVE text says:

lharc.c in lha does not securely create temporary files, which might
allow local users to read or write files by creating a file before LHA
is invoked.

Please remember to mention the CVE number in your changelog entry.
Thanks for your efforts.
Cheers
Steffen


[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2030

[1]: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=152702
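
The class of flaw the CVE text describes, shown as an added example that is not part of this report, not lha's code and not the referenced patch: opening a predictable temporary name without exclusive creation, beside two hardened forms. The function names, the file name "lhtmp" and the /tmp/tmpdemo.XXXXXX scratch directory are hypothetical and constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: predictable name, no O_EXCL. If another local user made
 * the file (or a symlink) first, open() silently reuses their object. */
int open_temp_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes creation atomic; open() fails with EEXIST if the
 * name already exists, even when it is a dangling symlink. */
int open_temp_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Permission bits of an open descriptor, or -1 on error. */
int fd_mode(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Constructed scenario: a scratch directory where "lhtmp" (hypothetical
 * name) was already created with mode 0666 before the program runs. */
int precreate_file(char *dir_tmpl, char *path, size_t len) {
    if (mkdtemp(dir_tmpl) == NULL) return -1;
    snprintf(path, len, "%s/lhtmp", dir_tmpl);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd < 0 || fchmod(fd, 0666) != 0) return -1;
    return close(fd);
}

int main(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", path[64], safe[64];
    if (precreate_file(dir, path, sizeof path) != 0) return 1;
    int weak = open_temp_predictable(path);
    printf("predictable open: mode %o (existing file reused)\n", fd_mode(weak));
    int excl = open_temp_exclusive(path);
    printf("exclusive open:   fd %d, EEXIST=%d\n", excl, errno == EEXIST);
    snprintf(safe, sizeof safe, "%s/lhXXXXXX", dir);
    int fd = mkstemp(safe);   /* random name, O_EXCL, mode 0600 */
    printf("mkstemp:          %s mode %o\n", safe, fd_mode(fd));
    return 0;
}
```

The predictable open keeps the 0666 mode chosen by whoever created the file first, which is how the contents become readable or writable by another local user; the exclusive open and mkstemp() refuse to reuse an existing name.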

