diff -Nru /tmp/NFk5ICCX8Y/fireflier-1.1.6/changelog /tmp/M3RbPSfdoJ/fireflier-1.1.6/changelog
--- /tmp/NFk5ICCX8Y/fireflier-1.1.6/changelog 2006-10-25 19:31:43.000000000 +0200
+++ /tmp/M3RbPSfdoJ/fireflier-1.1.6/changelog 2007-07-08 00:07:31.000000000 +0200
@@ -1,3 +1,16 @@
+fireflier (1.1.6-3ubuntu0.1) feisty-security; urgency=low
+
+ * SECURITY UPDATE: Unsafe tmp file handling
+ * Patch taken from fireflier 1.1.6-3etch1:
+ Fix the unsafe usage of temporary files, allowing arbitary file deletion.
+ * References:
+ DSA-1326
+ CVE-2007-2837
+ * debian/control: Modify Maintainer value to match
+ DebianMaintainerField spec.
+
+ -- Michael Bienia Sun, 08 Jul 2007 00:07:31 +0200
+
 fireflier (1.1.6-3) unstable; urgency=low
 * to fix all those build problems now and forever I finally
diff -Nru /tmp/NFk5ICCX8Y/fireflier-1.1.6/debian/changelog /tmp/M3RbPSfdoJ/fireflier-1.1.6/debian/changelog
--- /tmp/NFk5ICCX8Y/fireflier-1.1.6/debian/changelog 2006-10-25 19:31:43.000000000 +0200
+++ /tmp/M3RbPSfdoJ/fireflier-1.1.6/debian/changelog 2007-07-08 00:07:31.000000000 +0200
@@ -1,3 +1,16 @@
+fireflier (1.1.6-3ubuntu0.1) feisty-security; urgency=low
+
+ * SECURITY UPDATE: Unsafe tmp file handling
+ * Patch taken from fireflier 1.1.6-3etch1:
+ Fix the unsafe usage of temporary files, allowing arbitary file deletion.
+ * References:
+ DSA-1326
+ CVE-2007-2837
+ * debian/control: Modify Maintainer value to match
+ DebianMaintainerField spec.
+
+ -- Michael Bienia Sun, 08 Jul 2007 00:07:31 +0200
+
 fireflier (1.1.6-3) unstable; urgency=low
 * to fix all those build problems now and forever I finally
diff -Nru /tmp/NFk5ICCX8Y/fireflier-1.1.6/debian/control /tmp/M3RbPSfdoJ/fireflier-1.1.6/debian/control
--- /tmp/NFk5ICCX8Y/fireflier-1.1.6/debian/control 2006-10-25 19:27:54.000000000 +0200
+++ /tmp/M3RbPSfdoJ/fireflier-1.1.6/debian/control 2007-07-08 00:07:30.000000000 +0200
@@ -1,7 +1,8 @@
 Source: fireflier
 Section: net
 Priority: optional
-Maintainer: Martin Maurer
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Martin Maurer
 Build-Depends: debhelper (>> 3.0.0), iptables-dev, libpam0g-dev, libssl-dev, libqt3-mt-dev, pkg-config, libgtkmm2.0-dev, g++, kdelibs4-dev, libxml2-dev, libgconf2-dev
 Standards-Version: 3.6.1
diff -Nru /tmp/NFk5ICCX8Y/fireflier-1.1.6/debian/fireflier-server.init /tmp/M3RbPSfdoJ/fireflier-1.1.6/debian/fireflier-server.init
--- /tmp/NFk5ICCX8Y/fireflier-1.1.6/debian/fireflier-server.init 2006-10-25 19:27:54.000000000 +0200
+++ /tmp/M3RbPSfdoJ/fireflier-1.1.6/debian/fireflier-server.init 2007-06-27 19:40:38.000000000 +0200
@@ -20,9 +20,19 @@
 exit 0
 fi
+# make sure we have a secure directory to make temporary files in.
+function maketmpdir() {
+ if [ ! -d /var/run/fireflier ]; then
+ mkdir /var/run/fireflier
+ fi
+ chmod 0700 /var/run/fireflier
+}
+
+
 case "$1" in
 start)
 echo -n "Starting fireflier server: $NAME"
+ maketmpdir
 modprobe ip_queue 2>/dev/null
 start-stop-daemon --start --background --make-pidfile --pidfile $PIDFILE --exec $DAEMON
 ;;
diff -Nru /tmp/NFk5ICCX8Y/fireflier-1.1.6/server/rules.cpp /tmp/M3RbPSfdoJ/fireflier-1.1.6/server/rules.cpp
--- /tmp/NFk5ICCX8Y/fireflier-1.1.6/server/rules.cpp 2006-10-25 19:28:02.000000000 +0200
+++ /tmp/M3RbPSfdoJ/fireflier-1.1.6/server/rules.cpp 2007-06-27 19:42:56.000000000 +0200
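Review bot: In the fireflier-server.init hunk, `function maketmpdir() {` is bash syntax rather than POSIX sh; the interpreter line is outside the hunk, but if the script runs under `/bin/sh` and that is dash, it will fail to parse and the server will not start, so `maketmpdir() {` is the safer spelling. The helper also accepts whatever already exists at the path: `[ ! -d /var/run/fireflier ]` follows a symlink, and a failed `mkdir` is not checked before `chmod 0700` runs. `mkdir -m 0700 /var/run/fireflier || exit 1` inside the `if`, plus a check that an existing directory is root-owned and not a symlink, would make the "secure directory" guarantee explicit instead of relying on /var/run's own permissions. The helper is called only from `start)`; any other branch that launches the daemon (not visible in this hunk) needs the same call.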
@@ -409,13 +409,13 @@
 // create file with output of iptables (I use this as it is easier than using libiptc
 // and iptables itself should work more reliable than implementing this functionality myself)
- strcpy(cmd, "rm -f /tmp/fireflier.rules && touch /tmp/fireflier.rules && chmod 0700 /tmp/fireflier.rules && ");
+ strcpy(cmd, "rm -f /var/run/fireflier/fireflier.rules && touch /var/run/fireflier/fireflier.rules && chmod 0700 /var/run/fireflier/fireflier.rules && ");
 strcat(cmd, IPTABLES[iptables_path]);
- strcat(cmd, " -v -L -n --line-numbers > /tmp/fireflier.rules");
+ strcat(cmd, " -v -L -n --line-numbers > /var/run/fireflier/fireflier.rules");
 system(cmd);
 // should usually work
- if (stat("/tmp/fireflier.rules", &filedes)==-1)
+ if (stat("/var/run/fireflier/fireflier.rules", &filedes)==-1)
 return 0;
 filesize=filedes.st_size;
@@ -430,7 +430,7 @@
 buffer[filesize]=0;
 // open rules file
- if ((handle=open("/tmp/fireflier.rules", O_RDONLY))==-1)
+ if ((handle=open("/var/run/fireflier/fireflier.rules", O_RDONLY))==-1)
 return 0;
 if (read(handle, buffer, filesize)==-1)
@@ -438,7 +438,7 @@
 close(handle);
 // finally delete the rules file to clean up
- unlink("/tmp/fireflier.rules");
+ unlink("/var/run/fireflier/fireflier.rules");
 return buffer;
 }
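Review bot: The command built with `strcpy`/`strcat` in the first rules.cpp hunk is now 56 bytes longer than before (four copies of a path that grew from 20 to 34 characters), and both writes into `cmd` are unbounded. The declaration of `cmd` and the start of the function are outside the hunk, so its size needs to be confirmed against the new worst case, including the longest `IPTABLES[]` entry. If `cmd` is an array, building the string with `snprintf(cmd, sizeof cmd, ...)` and returning 0 on truncation would make the bound explicit. The path literal is repeated seven times across the three hunks; a single `static const char RULES_FILE[] = "/var/run/fireflier/fireflier.rules";` would keep the copies from drifting apart. The result of `system(cmd)` is still ignored, so a missing /var/run/fireflier only shows up indirectly when `stat()` fails.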
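Review bot: In the second rules.cpp hunk the file is opened by path after `filesize` was taken from an earlier `stat()` on the same path, so the size and the descriptor are only tied together by the 0700 directory, which rules.cpp itself never verifies. Calling `fstat(handle, &filedes)` after the `open()` and sizing the buffer from that would remove the dependency; the allocation sits between the hunks, so this means reordering code that is not visible here. The `read()` on the context line is only compared with -1, so a short read is treated as success.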