Bug#404743: CVE-2006-6698: local DoS vulnerability due to
insecure tempdir handling
Josselin Mouette
joss at debian.org
Thu Dec 28 12:28:48 UTC 2006
Le jeudi 28 décembre 2006 à 12:18 +0100, Stefan Fritsch a écrit :
> There is a patch at
>
> http://bugzilla.gnome.org/show_bug.cgi?id=141138
>
> which (AIUI) creates locking directories with random names.
As local locking is inherently broken anyway, I'm against pushing
workaround after workaround for this breakage.
> But I agree that this is not so important that some more or less
> untested solution should go into etch.
It is not entirely untested, as global locking was the default until
2.4.
--
.''`.
: :' : We are debian.org. Lower your prices, surrender your code.
`. `' We will add your hardware and software distinctiveness to
`- our own. Resistance is futile.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message
=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20061228/954f820e/attachment.pgp
More information about the pkg-gnome-maintainers
mailing list