Bug#404743: CVE-2006-6698: local DoS vulnerability due to insecure tempdir handling

Josselin Mouette joss at debian.org
Thu Dec 28 12:28:48 UTC 2006

On Thursday 28 December 2006 at 12:18 +0100, Stefan Fritsch wrote:
> There is a patch at
> http://bugzilla.gnome.org/show_bug.cgi?id=141138
> which (AIUI) creates locking directories with random names.

As local locking is inherently broken anyway, I'm against pushing
workaround after workaround for this breakage.

> But I agree that this is not so important that some more or less 
> untested solution should go into etch.

It is not entirely untested, as global locking was the default until

: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.