pkgsrc-changes: CVS commit: pkgsrc/graphics/tuxpaint

Subject: CVS commit: pkgsrc/graphics/tuxpaint
To: None <pkgsrc-changes@NetBSD.org>
From: Adrian Portelli <adrianp@netbsd.org>
List: pkgsrc-changes
Date: 01/17/2006 22:48:57

Module Name:	pkgsrc
Committed By:	adrianp
Date:		Tue Jan 17 22:48:57 UTC 2006

Modified Files:
	pkgsrc/graphics/tuxpaint: Makefile distinfo
Added Files:
	pkgsrc/graphics/tuxpaint/patches: patch-ac

Log Message:
Add a patch via Debain to address:
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340

"The vulnerability is caused due to temporary files being created insecurely
in the "/tmp" directory by the tuxpaint-import.sh script. This can be exploited
via symlink attacks to create or overwrite arbitrary files with the privileges
of the user running the affected script."

Bump to nb6.


To generate a diff of this commit:
cvs rdiff -r1.34 -r1.35 pkgsrc/graphics/tuxpaint/Makefile
cvs rdiff -r1.17 -r1.18 pkgsrc/graphics/tuxpaint/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/graphics/tuxpaint/patches/patch-ac

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.