Note: This bug has been find by `autospec', the work-in-progress tool used =
by=20
the QiLinux team to (semi)automatically create specfiles from tarballs and=
=20
update/check rpm packages. It's released under GPL and not QiLinux specific.
The latest release can be found at the URL: ftp://ftp.qilinux.it/pub/QiLinux/devel/tools/autospec/
Message-ID: <email address hidden>
Date: Fri, 11 Feb 2005 15:36:10 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: FWD: insecure temporary file creation in kdelibs 3.3.2
--aVD9QWMuhilNxW9f Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
Package: kdelibs-data
Version: 4:3.3.2-1
Tags: security
Severity: grave
We're vulnerable.
----- Forwarded message from Davide Madrisan <email address hidden> -=
----
=46rom: Davide Madrisan <email address hidden>
Date: Fri, 11 Feb 2005 09:16:38 +0100
To: <email address hidden>
Subject: insecure temporary file creation in kdelibs 3.3.2
Organization: QiNet s.r.l.
User-Agent: KMail/1.7.2
The `dcopidlng' script in the KDE library package=20 3.3.2/dcop/ dcopidlng/ dcopidlng)
(kdelibs-
creates temporary files in a unsecure manner.
This bug has been fixed in 32 minutes (!) by Stephan Kulow, the KDE team=20 bugs.kde. org/show_ bug.cgi? id=3D97608
leader. Here you can found the official patch:
http://
Note: This bug has been find by `autospec', the work-in-progress tool used = qilinux. it/pub/ QiLinux/ devel/tools/ autospec/
by=20
the QiLinux team to (semi)automatically create specfiles from tarballs and=
=20
update/check rpm packages. It's released under GPL and not QiLinux specific.
The latest release can be found at the URL:
ftp://ftp.
#include <best/regards.h> pgp.mit. edu/> www.qilinux. it
---
Davide Madrisan
QiLinux Security Team Leader
PGP keyID: 4B72B0B9 fp: 2B79 BFF1 EE33 EE8C 3258 E43C CDA8 EFF3 4B72 B0B9
PGP public key: <http://
http://
----- End forwarded message -----
--=20
see shy jo
--aVD9QWMuhilNxW9f pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
HehbQuO8RAjvQAJ wMRgsyz9feGBGEF gayLLhWreUUnACf RFSO a+cc08E0=
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCDRc5d8H
8rTvkkXEFtEc3Jk
=jwdZ
-----END PGP SIGNATURE-----
--aVD9QWMuhilNx W9f--