diff -u lvm10-1.0.8/1.0.8/tools/lvmcreate_initrd lvm10-1.0.8/1.0.8/tools/lvmcreate_initrd
--- lvm10-1.0.8/1.0.8/tools/lvmcreate_initrd
+++ lvm10-1.0.8/1.0.8/tools/lvmcreate_initrd
@@ -243,6 +243,10 @@
 # run out of room on the ramdisk while stripping the libraries.
 echo "$cmd -- stripping shared libraries"
 mkdir $TMPLIB
+if [ $? -ne 0 ]; then
+ echo "$cmd -- ERROR making $TMPLIB"
+ cleanup 1
+fi
 for LIB in $SHLIBS; do
 verbose "copy $LIB to $TMPLIB$LIB"
 mkdir -p `dirname $TMPLIB$LIB`
diff -u lvm10-1.0.8/debian/changelog lvm10-1.0.8/debian/changelog
--- lvm10-1.0.8/debian/changelog
+++ lvm10-1.0.8/debian/changelog
@@ -1,3 +1,15 @@
+lvm10 (1:1.0.8-4ubuntu1.1) warty-security; urgency=low
+
+ * SECURITY UPDATE: fix insecure temporary directory creation
+ * 1.0.8/tools/lvmcreate_initrd: make program fail if mkdir of temporary
+ directory ($TMPLIB) failed; earlier versions just continued to run which
+ allowed symlink attacks.
+ * References:
+ CAN-2004-0972
+ http://bugs.debian.org/279229
+
+ -- Martin Pitt Mon, 1 Nov 2004 22:49:38 +0100
+
 lvm10 (1:1.0.8-4ubuntu1) warty; urgency=low

 * Ignore errors from vgscan in postinst.
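Review bot: The failure branch added after `mkdir $TMPLIB` in lvmcreate_initrd calls `cleanup 1`, and cleanup is defined outside this hunk: if it removes `$TMPLIB`, it will now act on a path this run did not create, so it is worth confirming that cleanup only deletes what the script itself made. The directory name also still comes from wherever TMPLIB is assigned (not visible here); if that name is predictable, any local user can pre-create it and make every run abort, which assigning it from `mktemp -d` would avoid. Within the hunk I would fold the test into the command, quote the expansion, restrict the mode and send the message to stderr: `mkdir -m 700 "$TMPLIB" || { echo "$cmd -- ERROR making $TMPLIB" >&2; cleanup 1; }`.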