diff -u mon-0.99.2/debian/changelog mon-0.99.2/debian/changelog
--- mon-0.99.2/debian/changelog
+++ mon-0.99.2/debian/changelog
@@ -1,3 +1,13 @@
+mon (0.99.2-9ubuntu1.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: alert.d/test.alert in mon 0.99.2 allows local users to
+ overwrite arbitrary files via a symlink attack on the test.alert.log
+ temporary file.. (LP: #285100)
+ - alert.d/test.alert : Dont create file in /tmp
+ - CVE-2008-4477
+
+ -- Stefan Lesicnik Fri, 17 Oct 2008 20:39:19 +0200
+
 mon (0.99.2-9ubuntu1) dapper; urgency=low

 * debian/init:
only in patch2:
unchanged:
--- mon-0.99.2.orig/alert.d/test.alert
+++ mon-0.99.2/alert.d/test.alert
@@ -1,4 +1,4 @@
 #!/bin/sh
 #
 # $Id: test.alert 1.1 Sat, 26 Aug 2000 15:22:34 -0400 trockij $
-echo "`date` $*" >> /tmp/test.alert.log
+echo "`date` $*" >> /var/log/mon/test.alert.log
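Review bot: The new `>>` redirect in the `alert.d/test.alert` hunk still follows symlinks, so the fix for CVE-2008-4477 holds only if `/var/log/mon` exists and cannot be written by untrusted local users. Nothing in the visible hunks creates that directory or sets its owner and mode, so the packaging (presumably `debian/dirs` or the postinst) should be checked. If the directory is missing, the redirect fails and the test alert leaves no record. I would document the dependency in the script with a comment such as `# Logs to /var/log/mon, which must not be writable by untrusted users; /tmp allowed a symlink attack (CVE-2008-4477)`. As a style point, `printf '%s %s\n' "$(date)" "$*"` avoids the backticks and the `echo` portability quirks when alert arguments begin with `-` or contain backslashes.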