Debian Security Advisory
DSA-500-1 flim -- insecure temporary file
- Date Reported:
- 01 May 2004
- Affected Packages:
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 10259.
In Mitre's CVE dictionary: CVE-2004-0422.
- More information:
Tatsuya Kinoshita discovered a vulnerability in flim, an Emacs library for working with Internet messages, where temporary files were created without taking appropriate precautions. This vulnerability could potentially be exploited by a local user to overwrite files with the privileges of the user running Emacs.
For the current stable distribution (woody), this problem has been fixed in version 1.14.3-9woody1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you update your flim package.
- Fixed in:
Debian GNU/Linux 3.0 (woody)
- Architecture-independent component:
MD5 checksums of the listed files are available in the original advisory.