Format: 1.8
Date: Fri, 29 Aug 2008 22:28:31 -0500
Source: dist
Binary: dist
Architecture: source all
Version: 1:3.5-17-2
Distribution: unstable
Urgency: high
Maintainer: Manoj Srivastava <srivasta@debian.org>
Changed-By: Manoj Srivastava <srivasta@debian.org>
Description:
 dist       - Tools for developing, maintaining and distributing software.
Closes: 496412
Changes:
 dist (1:3.5-17-2) unstable; urgency=high
 .
   * If a script uses a temp file which is created in /tmp, then an
     attacker can create symlink with the same name in this directory in
     order to destroy or rewrite some system or user files. Symlink attack
     may also lead not only to the data destruction but to denial of
     service as well. Creating files with rand or pid to randomize the
     file names is not adequate to protect the system. We now use
     File::Temp to safely create the temporary files as needed. This
     closes a grave bug. There are no code changes in this version, apart
     from the bug fix. Closes: #496412
   * Updated the Standards version. (No changes)

Accepted:
dist_3.5-17-2.diff.gz
  to pool/main/d/dist/dist_3.5-17-2.diff.gz
dist_3.5-17-2.dsc
  to pool/main/d/dist/dist_3.5-17-2.dsc
dist_3.5-17-2_all.deb
  to pool/main/d/dist/dist_3.5-17-2_all.deb
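
The predictable-name problem and the File::Temp fix described in the changelog above, as an added example that is not code from the dist package. It assumes a POSIX system and works inside a private scratch directory standing in for /tmp; the file names (victim.txt, script.$$) and the helper subs are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not taken from dist. All names here are hypothetical.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Scratch directory standing in for /tmp so the demonstration stays contained.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim.txt";    # constructed file that must not be clobbered
my $guess  = "$dir/script.$$";     # predictable temp name built from the PID

open(my $v, '>', $victim) or die "victim: $!";
print $v "important data\n";
close $v;

# Precondition from the changelog: the predictable name already exists as a symlink.
symlink($victim, $guess) or die "symlink: $!";

# Unsafe pattern: plain open() follows the link and truncates its target.
sub unsafe_write {
    my ($path) = @_;
    open(my $fh, '>', $path) or die "open: $!";
    print $fh "scratch\n";
    close $fh;
}

# Exclusive creation: O_CREAT|O_EXCL fails if the name exists, symlink included.
sub excl_create {
    my ($path) = @_;
    return sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) ? 1 : 0;
}

# The fix named in the changelog: File::Temp chooses an unpredictable name
# and creates it exclusively with mode 0600.
sub safe_temp {
    my ($fh, $name) = tempfile('scriptXXXXXXXX', DIR => $dir, UNLINK => 1);
    print $fh "scratch\n";
    return ($fh, $name);
}

printf "O_EXCL create on existing name succeeded: %s\n", excl_create($guess) ? 'yes' : 'no';
my ($fh, $name) = safe_temp();
printf "File::Temp created %s (is symlink: %s)\n", $name, (-l $name) ? 'yes' : 'no';
unsafe_write($guess);
open(my $r, '<', $victim) or die "read: $!";
printf "victim after unsafe write: %s", scalar <$r>;
close $r;
```

For auditing other scripts, the pattern to look for is any open-for-write on a path under /tmp built from `$$`, `rand` or a fixed string.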