Bug#349838: [SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use
Niko Tyni
ntyni at iki.fi
Tue Jan 31 11:43:11 UTC 2006
On Tue, Jan 31, 2006 at 11:14:37AM +0100, Martin Schulze wrote:
> Package : libmail-audit-perl
> Vulnerability : insecure temporary file creation
> Problem type : local
> Debian-specific: no
> CVE ID : CVE-2005-4536
> Debian Bug : 344029
>
> Niko Tyni discovered that the Mail::Audit module, a Perl library for
> creating simple mail filters, logs to a temporary file with a
> predictable filename in an insecure fashion when logging is turned on,
> which is not the case by default.
>
> For the old stable distribution (woody) these problems have been fixed in
> version 2.0-4woody1.
>
> For the stable distribution (sarge) these problems have been fixed in
> version 2.1-5sarge1.

Hi security team,

unfortunately there's an error in the sarge package:

% perl -c /usr/share/perl5/Mail/Audit/MimeEntity.pm
syntax error at /usr/share/perl5/Mail/Audit/MimeEntity.pm line 8, near "use MIME::Parser"
/usr/share/perl5/Mail/Audit/MimeEntity.pm had compilation errors.

ii libmail-audit-perl 2.1-5sarge1 Perl library for creating easy mail filters

Don's patch in #344029 had a typo (missing semicolon). See #349838 for the fix.

Apologies; we should have Cc'd the patch to security@ .

--
Niko Tyni ntyni at iki.fi
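
The class of bug the advisory describes (logging to a predictable name in a shared temporary directory), next to a safer way to open a log file. This is an added Perl example, not Mail::Audit's code or the Debian patch; the function names, file names and directories are hypothetical.

```perl
#!/usr/bin/perl
# Added example (constructed): predictable vs. safe log-file opening.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_APPEND O_CREAT O_EXCL O_NOFOLLOW);
use File::Temp qw(tempdir);

# Insecure pattern: a guessable name in a world-writable directory.
# open() with '>>' follows a symlink that another local user created first,
# so the log lines land in whatever file the link points to.
sub open_log_insecure {
    my ($shared_dir) = @_;
    my $path = "$shared_dir/audit-$>.log";   # hypothetical, predictable from the UID
    open(my $fh, '>>', $path) or die "open $path: $!";
    return $fh;
}

# Hardened pattern: log inside a directory only the owner can write to,
# create the file exclusively, and never follow a symlink when reopening.
sub open_log_safe {
    my ($private_dir) = @_;
    my $path = "$private_dir/audit.log";
    my $fh;
    unless (sysopen($fh, $path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0600)) {
        die "create $path: $!" unless $!{EEXIST};
        # File already exists: reopen without O_CREAT, refusing symlinks.
        sysopen($fh, $path, O_WRONLY | O_APPEND | O_NOFOLLOW)
            or die "open $path: $!";
        my @st = stat($fh);
        die "$path: not a regular file owned by uid $>\n"
            unless -f _ && $st[4] == $>;
    }
    return $fh;
}

# Normal use: tempdir() creates a mode-0700 directory, standing in here for
# a per-user log directory.
my $dir = tempdir(CLEANUP => 1);
for my $line ("constructed log line 1\n", "constructed log line 2\n") {
    my $fh = open_log_safe($dir);            # second pass takes the reopen path
    print {$fh} $line;
    close $fh or die "close: $!";
}

# A symlink already sitting at the log path is rejected, not followed.
my $trap = tempdir(CLEANUP => 1);
symlink("$trap/elsewhere", "$trap/audit.log") or die "symlink: $!";
my $opened = eval { open_log_safe($trap); 1 };
print $opened ? "symlink was followed\n" : "refused: $@";
```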