Debian Security Advisory
DSA-630-1 lintian -- insecure temporary directory
- Date Reported:
- 10 Jan 2005
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 286681.
In Mitre's CVE dictionary: CVE-2004-1000.
- More information:
Jeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn't created at program start, removing an unrelated file or directory a malicious user inserted via a symlink attack.
For the stable distribution (woody) this problem has been fixed in version 220.127.116.11.
For the unstable distribution (sid) this problem has been fixed in version 1.23.6.
We recommend that you upgrade your lintian package.
- Fixed in:
Debian GNU/Linux 3.0 (woody)
- Architecture-independent component:
MD5 checksums of the listed files are available in the original advisory.