This bug was fixed in the package gource - 0.23-1ubuntu0.1
---------------
gource (0.23-1ubuntu0.1) lucid-security; urgency=high
* SECURITY UPDATE: Gource uses a predictable temporary filename,
enabling a malicious co-user to overwrite an arbitrary file via a
symlink attack. (LP: #564373)
- src/commitlog.cpp: changed createTempLog() to create the temp file
using mkstemp().
-- Andrew Caudwell <[email protected]> Fri, 16 Apr 2010 13:54:44 +1200
** Changed in: gource (Ubuntu)
Status: Fix Committed => Fix Released
--
Gource uses a predictable temporary filename
https://bugs.launchpad.net/bugs/564373
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
