Please
. update the package in sid
. mention the CVE id from the subject in the changelog
. use priority=high
. you probably need to upload into testing-proposed-updates as well
Regards,
Joey
----- Forwarded message from Davide Madrisan <email address hidden> -----
From: Davide Madrisan <email address hidden>
Organization: QiNet s.r.l.
To: <email address hidden>
Subject: insecure temporary file creation in kdelibs 3.3.2
Date: Fri, 11 Feb 2005 09:16:38 +0100
The `dcopidlng' script in the KDE library package
(kdelibs-3.3.2/dcop/dcopidlng/dcopidlng)
creates temporary files in a unsecure manner.
Note: This bug has been find by `autospec', the work-in-progress tool used by
the QiLinux team to (semi)automatically create specfiles from tarballs and
update/check rpm packages. It's released under GPL and not QiLinux specific.
The latest release can be found at the URL: ftp://ftp.qilinux.it/pub/QiLinux/devel/tools/autospec/
Message-ID: <email address hidden>
Date: Sat, 12 Feb 2005 08:20:17 +0100
From: Martin Schulze <email address hidden>
To: <email address hidden>
Subject: CAN-2005-0365: insecure temporary file creation in kdelibs 3.3.2
Package: kdelibs
Version: 3.2.3-3.sarge.2 3.3.2-1
Severity: grave
Tags: security sarge sid patch
Please proposed- updates as well
. update the package in sid
. mention the CVE id from the subject in the changelog
. use priority=high
. you probably need to upload into testing-
Regards,
Joey
----- Forwarded message from Davide Madrisan <email address hidden> -----
From: Davide Madrisan <email address hidden>
Organization: QiNet s.r.l.
To: <email address hidden>
Subject: insecure temporary file creation in kdelibs 3.3.2
Date: Fri, 11 Feb 2005 09:16:38 +0100
The `dcopidlng' script in the KDE library package 3.3.2/dcop/ dcopidlng/ dcopidlng)
(kdelibs-
creates temporary files in a unsecure manner.
This bug has been fixed in 32 minutes (!) by Stephan Kulow, the KDE team bugs.kde. org/show_ bug.cgi? id=97608
leader. Here you can found the official patch:
http://
Note: This bug has been find by `autospec', the work-in-progress tool used by qilinux. it/pub/ QiLinux/ devel/tools/ autospec/
the QiLinux team to (semi)automatically create specfiles from tarballs and
update/check rpm packages. It's released under GPL and not QiLinux specific.
The latest release can be found at the URL:
ftp://ftp.
#include <best/regards.h> pgp.mit. edu/> www.qilinux. it
---
Davide Madrisan
QiLinux Security Team Leader
PGP keyID: 4B72B0B9 fp: 2B79 BFF1 EE33 EE8C 3258 E43C CDA8 EFF3 4B72 B0B9
PGP public key: <http://
http://
----- End forwarded message -----
--
If you come from outside of Finland, you live in wrong country.
-- motd of irc.funet.fi
Please always Cc to me when replying to me on the lists.