3e1f5f983f
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340 "The vulnerability is caused due to temporary files being created insecurely in the "/tmp" directory by the tuxpaint-import.sh script. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user running the affected script." Bump to nb6.
14 lines
302 B
Text
14 lines
302 B
Text
$NetBSD: patch-ac,v 1.1 2006/01/17 22:48:57 adrianp Exp $
|
|
|
|
--- src/tuxpaint-import.sh.orig 2003-06-17 10:10:59.000000000 +0100
|
|
+++ src/tuxpaint-import.sh
|
|
@@ -12,8 +12,8 @@
|
|
# September 21, 2002 - June 17, 2003
|
|
|
|
|
|
-TMPDIR=/tmp
|
|
SAVEDIR=$HOME/.tuxpaint/saved
|
|
+TMPDIR=$SAVEDIR
|
|
|
|
|
|
if [ $# -eq 0 ]; then
|