Debian Security Advisory

DSA-500-1 flim -- insecure temporary file

Date Reported:
01 May 2004
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 10259.
In Mitre's CVE dictionary: CVE-2004-0422.
More information:

Tatsuya Kinoshita discovered a vulnerability in flim, an Emacs library for working with Internet messages, where temporary files were created without taking appropriate precautions. This vulnerability could potentially be exploited by a local user to overwrite files with the privileges of the user running Emacs.

For the current stable distribution (woody) this problem has been fixed in version 1.14.3-9woody1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you update your flim package.
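The advisory does not detail the flaw in flim, so the following added example (not code from flim or from this advisory) illustrates the general class in Python at the level of the operating system's file-creation semantics. It assumes a predictable file name in a shared directory, and contrasts a plain open with exclusive creation and `mkstemp`; all paths and names are constructed.

```python
import os
import stat
import tempfile


def unsafe_write(path, data):
    """Risky pattern: open a predictable path and follow whatever is already there."""
    with open(path, "w") as f:  # follows an existing link and truncates its target
        f.write(data)


def exclusive_write(path, data):
    """Create path only if nothing exists there yet, readable by the owner only."""
    # O_EXCL with O_CREAT fails with EEXIST if path exists, even as a link.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def temp_write(data, directory):
    """Preferred: mkstemp picks an unpredictable name and creates it exclusively."""
    fd, path = tempfile.mkstemp(prefix="msg-", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def run_demo():
    """Constructed scenario; a private scratch directory stands in for a shared one."""
    with tempfile.TemporaryDirectory() as shared:
        target = os.path.join(shared, "users-file")  # constructed name
        predictable = os.path.join(shared, "tmp-1234")  # constructed name
        with open(target, "w") as f:
            f.write("original")
        os.symlink(target, predictable)  # the path is already occupied by a link
        try:
            exclusive_write(predictable, "draft")
            refused = False
        except FileExistsError:
            refused = True
        with open(target) as f:
            intact_after_exclusive = f.read() == "original"
        unsafe_write(predictable, "draft")  # same input, risky pattern
        with open(target) as f:
            clobbered_by_unsafe = f.read() == "draft"
        path = temp_write("draft", shared)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        return refused, intact_after_exclusive, clobbered_by_unsafe, mode
```

`run_demo()` returns whether exclusive creation refused the occupied path, whether the linked file stayed intact, whether the plain open overwrote it, and the permission bits of the `mkstemp` file.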

Fixed in:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.