Subject: CVS commit: pkgsrc/graphics/tuxpaint
To: None <pkgsrc-changes@NetBSD.org>
From: Adrian Portelli <adrianp@netbsd.org>
List: pkgsrc-changes
Date: 01/17/2006 22:48:57
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Jan 17 22:48:57 UTC 2006
Modified Files:
pkgsrc/graphics/tuxpaint: Makefile distinfo
Added Files:
pkgsrc/graphics/tuxpaint/patches: patch-ac
Log Message:
Add a patch via Debain to address:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340
"The vulnerability is caused due to temporary files being created insecurely
in the "/tmp" directory by the tuxpaint-import.sh script. This can be exploited
via symlink attacks to create or overwrite arbitrary files with the privileges
of the user running the affected script."
Bump to nb6.
To generate a diff of this commit:
cvs rdiff -r1.34 -r1.35 pkgsrc/graphics/tuxpaint/Makefile
cvs rdiff -r1.17 -r1.18 pkgsrc/graphics/tuxpaint/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/graphics/tuxpaint/patches/patch-ac
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.