Debian Security Advisory
DSA-500-1 flim -- insecure temporary file
- Date Reported:
- 01 May 2004
- Affected Packages:
- flim
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 10259.
- In Mitre's CVE dictionary: CVE-2004-0422.
- More information:
Tatsuya Kinoshita discovered a vulnerability in flim, an Emacs library for working with internet messages, where temporary files were created without taking appropriate precautions. This vulnerability could potentially be exploited by a local user to overwrite files with the privileges of the user running Emacs.
For the current stable distribution (woody) this problem has been fixed in version 1.14.3-9woody1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you update your flim package.
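The class of bug described above, shown as an added Python example; it is not flim's code and not the patch shipped with this advisory. The advisory does not say how flim created its temporary files, so the fixed name `draft.tmp` and all function names are hypothetical, and the scenario is constructed inside a throwaway directory. It contrasts a plain open of a predictable name with exclusive creation and with `mkstemp`.

```python
import os
import stat
import tempfile

def write_unsafe(path, data):
    # Weak pattern: fixed name, plain open(); an existing symlink is followed.
    with open(path, "w") as f:
        f.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails if anything, including a symlink, already sits at path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def write_private(data, directory):
    # mkstemp picks an unpredictable name and creates it exclusively, mode 0600.
    fd, path = tempfile.mkstemp(prefix="msg-", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def read(path):
    with open(path) as f:
        return f.read()

def demo():
    # Constructed scenario, confined to a throwaway sandbox directory.
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:
        target = os.path.join(sandbox, "important.txt")
        fixed = os.path.join(sandbox, "draft.tmp")  # hypothetical fixed temp name
        write_unsafe(target, "original")
        os.symlink(target, fixed)  # the name is already occupied beforehand

        write_unsafe(fixed, "scratch")
        out["unsafe_clobbered_target"] = read(target) == "scratch"

        write_unsafe(target, "original")  # reset the target's contents
        try:
            write_exclusive(fixed, "scratch")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        out["target_intact"] = read(target) == "original"

        path = write_private("scratch", sandbox)
        out["private_mode"] = stat.S_IMODE(os.stat(path).st_mode)
    return out

if __name__ == "__main__":
    print(demo())
```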
- Fixed in:
- Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/f/flim/flim_1.14.3-9woody1.dsc
- http://security.debian.org/pool/updates/main/f/flim/flim_1.14.3-9woody1.diff.gz
- http://security.debian.org/pool/updates/main/f/flim/flim_1.14.3.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/f/flim/flim_1.14.3-9woody1_all.deb
MD5 checksums of the listed files are available in the original advisory.