Subject: Re: About updating scrollkeeper
To: Julio Merino <>
From: Jeremy C. Reed <>
List: tech-pkg
Date: 09/07/2002 13:13:15
On Sat, 7 Sep 2002, Julio Merino wrote:

> Our current textproc/scrollkeeper includes version 0.2 of this program.

I don't know about impact of updating.

But scrollkeeper has a security issue: "A local user could create a
symbolic link from a temporary file name to another critical file on the

Some root exploits are available. (empty)

I read that the tempfile vulnerability is for all versions of
ScrollKeeper between 0.3 and 0.3.11.

The sourceforge webpage doesn't seem to say anything about it though.

I found a patch at Debian's site (which patched other Debian-specific
stuff too.)

I don't know scrollkeeper.

   Jeremy C. Reed