Bug 432807

Summary: Inkscape insecure temporary file usage in OCAL code
Product: [Fedora] Fedora Reporter: Lubomir Kundrak <lkundrak>
Component: inkscapeAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: lkundrak
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://bugs.launchpad.net/fedora/+source/inkscape/+bug/191847
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-24 14:38:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lubomir Kundrak 2008-02-14 15:03:11 UTC 
Description of problem:

Inkscape uses predictable names for OCAL feed's and thumbnails' temporary files,
which make it possible for a local attacker to overwrite files via symlink attack.
Comment 1 Lubomir Kundrak 2008-02-14 15:06:54 UTC 
Fixed in inkscape-0.45.1+0.46pre1-4
Comment 2 Lubomir Kundrak 2008-02-14 15:11:17 UTC 
https://bugs.launchpad.net/fedora/+source/inkscape/+bug/191847
Comment 3 Lubomir Kundrak 2008-02-14 15:14:02 UTC 
CVE name was requested.