diff -u twiki-4.1.2/debian/postinst twiki-4.1.2/debian/postinst --- twiki-4.1.2/debian/postinst +++ twiki-4.1.2/debian/postinst @@ -156,20 +156,32 @@ mkdir /var/lib/twiki/working fi chown $TWIKI_OWNER.www-data /var/lib/twiki/working + chmod 1770 /var/lib/twiki/working if [ ! -e /var/lib/twiki/working/work_areas ]; then mkdir /var/lib/twiki/working/work_areas fi chown $TWIKI_OWNER.www-data /var/lib/twiki/working/work_areas - - #mmmm, mailnotify etc may be running _not_ as www-data - #and for some reason create a session - #use 1777 to prevent third parties replacing the file with a doctored one - #put into /tmp/twiki so that the open dir can't be used by others to fill up /var, thus crashing all logging - if [ ! -e /tmp/twiki ]; then - mkdir /tmp/twiki - fi - chmod 1777 /tmp/twiki - chown $TWIKI_OWNER.www-data /tmp/twiki + chmod 1770 /var/lib/twiki/working/work_areas + if [ ! -e /var/lib/twiki/working/tmp ]; then + mkdir /var/lib/twiki/working/tmp + fi + chown $TWIKI_OWNER.www-data /var/lib/twiki/working/tmp + chmod 1770 /var/lib/twiki/working/tmp + +#$TWiki::cfg{RCS}{WorkAreaDir} = '/var/lib/twiki/working/work_areas'; +#$TWiki::cfg{TempfileDir} = '/var/lib/twiki/working/tmp'; +#$TWiki::cfg{WorkingDir} = '/var/lib/twiki/working'; + #fix any paths in previous package installs + perl -pi -e \ + "s|^(.*{RCS}{WorkAreaDir}).*\$|\1 = '/var/lib/twiki/working/work_areas';|g" \ + /etc/twiki/LocalSite.cfg + perl -pi -e \ + "s|^(.*{TempfileDir}).*\$|\1 = '/var/lib/twiki/working/tmp';|g" \ + /etc/twiki/LocalSite.cfg + perl -pi -e \ + "s|^(.*{WorkingDir}).*\$|\1 = '/var/lib/twiki/working';|g" \ + /etc/twiki/LocalSite.cfg + #add softlinks to make adding plugins easier () if [ ! -e /var/lib/twiki/lib ]; then 
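Review bot: The added `chown` and `chmod 1770` calls on `/var/lib/twiki/working/work_areas` and `/var/lib/twiki/working/tmp` follow symlinks, as does the `[ ! -e ... ]` test, and the maintainer script runs as root inside a directory that `$TWIKI_OWNER` and group www-data can write to. If either name already exists as a symlink, the `mkdir` is skipped and the ownership and mode change land on the link target. That is the same class of problem this update is meant to close. Stop when the path is a symlink, e.g. `[ -L /var/lib/twiki/working/tmp ] && { echo "refusing: tmp is a symlink" >&2; exit 1; }`, and use `chown -h` for the ownership change. The surrounding postinst block starts and ends outside the hunk, so how `$TWIKI_OWNER` is set is not visible here.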
@@ -190,7 +202,7 @@ chown $TWIKI_OWNER.www-data /etc/twiki/LocalSite.cfg # erase configuser password - db_reset "twiki/adminpassword" + db_reset "twiki/adminpassword" db_fset "twiki/adminpassword" "seen" "false" || true db_stop diff -u twiki-4.1.2/debian/LocalSite.cfg twiki-4.1.2/debian/LocalSite.cfg --- twiki-4.1.2/debian/LocalSite.cfg +++ twiki-4.1.2/debian/LocalSite.cfg @@ -13,6 +13,6 @@ $TWiki::cfg{Plugins}{WysiwygPlugin}{Enabled} = 1; -$TWiki::cfg{RCS}{WorkAreaDir} = '/tmp/twiki'; -$TWiki::cfg{TempfileDir} = '/tmp/twiki'; +$TWiki::cfg{RCS}{WorkAreaDir} = '/var/lib/twiki/working/work_areas'; +$TWiki::cfg{TempfileDir} = '/var/lib/twiki/working/tmp'; $TWiki::cfg{WorkingDir} = '/var/lib/twiki/working'; - +$TWiki::cfg{Sessions}{ExpireAfter} = 21600; 1; diff -u twiki-4.1.2/debian/changelog twiki-4.1.2/debian/changelog --- twiki-4.1.2/debian/changelog +++ twiki-4.1.2/debian/changelog @@ -1,3 +1,15 @@ +twiki (1:4.1.2-3.2ubuntu1.1) intrepid-security; urgency=low + + * Changes taken from Debian version 4.1.2-4 + * SECURITY UPDATE: Possible symlink attack through /tmp directory + - move session files to /var/lib/twiki/working/tmp + - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648 + * debian/patches: 001_WorkingDir.dpatch + - Modyfied patch to fix Template Login + - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468159 + + -- Stefan Ebner Wed, 05 Nov 2008 19:57:05 +0100 + twiki (1:4.1.2-3.2ubuntu1) intrepid; urgency=low * Merge from Debian Unstable (LP: #182415), remaining Ubuntu changes: diff -u twiki-4.1.2/debian/patches/001_WorkingDir.dpatch twiki-4.1.2/debian/patches/001_WorkingDir.dpatch --- twiki-4.1.2/debian/patches/001_WorkingDir.dpatch +++ twiki-4.1.2/debian/patches/001_WorkingDir.dpatch 
@@ -9,18 +9,18 @@ diff -urNad /tmp/build_deb/twiki-4.1.2/lib/TWiki.pm TWiki412/lib/TWiki.pm --- /tmp/build_deb/twiki-4.1.2/lib/TWiki.pm 2007-03-04 01:45:57.000000000 +1100 +++ TWiki412/lib/TWiki.pm 2007-10-29 13:47:09.000000000 +1100 -@@ -787,7 +787,9 @@ +@@ -787,7 +787,10 @@ } } - open(F, ">$passthruFilename") || die "{TempfileDir} cache not writable $!"; + use Fcntl; + #passthrough file is only written to once, so if it already exists, suspect a security hack (O_EXCL) -+ open(F, ">$passthruFilename", O_RDWR|O_EXCL|O_CREAT, 0644) || die "{TempfileDir} cache not writable $!"; ++ sysopen(F, "$passthruFilename", O_RDWR|O_EXCL|O_CREAT, 0600) || ++ die "Unable to open $TWiki::cfg{WorkingDir}/tmp for write; check the setting of {WorkingDir} in configure, and check file permissions: $!"; $query->save(\*F); close(F); return 'twiki_redirect_cache='.$uid; - diff -urNad /tmp/build_deb/twiki-4.1.2/lib/TWiki/Client.pm TWiki412/lib/TWiki/Client.pm --- /tmp/build_deb/twiki-4.1.2/lib/TWiki/Client.pm 2007-03-04 01:45:57.000000000 +1100 +++ TWiki412/lib/TWiki/Client.pm 2007-10-29 13:25:03.000000000 +1100
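Review bot: The new `die` text after `sysopen` names `$TWiki::cfg{WorkingDir}/tmp`, but the file being created is `$passthruFilename`, which is built outside this hunk and, judging by the old message, lives under `{TempfileDir}`. An admin who has set `{TempfileDir}` elsewhere is pointed at the wrong directory. With `O_EXCL` the failure worth reporting is the file already existing, which the comment above treats as a sign of tampering, so the message should say so: `die "Cannot create passthrough file in {TempfileDir} (already exists or not writable): $!";`. `close(F)` is also unchecked, so a failed write of the saved query goes unnoticed; `close(F) || die "passthrough file write failed: $!";` would surface it.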