Thanks for taking the time to report this bug and helping to make Ubuntu better.
The latest release of Ubuntu is not vulnerable to symlink race attacks, but earlier releases will need fixing. https://wiki.ubuntu.com/Security/Features#symlink Since this code is extremely hard to hit, I'm setting the priority to "Low". ** Changed in: aptitude (Ubuntu) Status: New => Confirmed ** Changed in: aptitude (Ubuntu) Importance: Undecided => Low ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/607264 Title: vulnerability: rewrite arbitrary user file -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
