oss-sec mailing list archives
CVE id request: sabre
From: Gerfried Fuchs <rhonda () deb at>
Date: Wed, 1 Oct 2008 15:48:43 +0200
Hello! There is a tmp file symlink attack pattern in the sabre run scripts introduced by a Debian patch to them. Given that one of the binaries has to be run as root due to svgalib requirements this might lead to overwriting root-owned files in certain use cases. Debian Bugreport: <http://bugs.debian.org/433996> Patch is currently in the works so I can't offer it yet. Could I please get a CVE id for it? Thanks in advance, Rhonda
Current thread:
- CVE id request: sabre Gerfried Fuchs (Oct 01)