[Pkg-citadel-devel] Bug#496359: The possibility of attack with the help of symlinks in some Debian packages
Moritz Muehlenhoff
jmm at inutil.org
Tue Aug 26 20:59:28 UTC 2008
tags 496359 confirmed patch
thanks
Dmitry E. Oboukhov wrote:
> Package: citadel-server
> Severity: grave
>
> Hi, maintainer!
>
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
This can indeed be used for symlink attacks during postinst phase,
attached patch fixes it.
Cheers,
Moritz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: citadel-tmp.diff
Type: text/x-diff
Size: 848 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-citadel-devel/attachments/20080826/bdddd425/attachment.diff
More information about the Pkg-citadel-devel
mailing list