Subject: Re: About updating scrollkeeper
To: Julio Merino <firstname.lastname@example.org>
From: Jeremy C. Reed <email@example.com>
Date: 09/07/2002 13:13:15
On Sat, 7 Sep 2002, Julio Merino wrote:
> Our current textproc/scrollkeeper includes version 0.2 of this program.
I don't know about impact of updating.
But scrollkeeper has a security issue: "A local user could create a
symbolic link from a temporary file name to another critical file on the
Some root exploits are available.
I read that the tempfile vulnerability is for all versions of
ScrollKeeper between 0.3 and 0.3.11.
The sourceforge webpage doesn't seem to say anything about it though.
I found a patch at Debian's site (which patched other Debian-specific
I don't know scrollkeeper.
Jeremy C. Reed