Fedora Account System
Red Hat Associate
Red Hat Customer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3124 http://seclists.org/lists/fulldisclosure/2005/Nov/0128.html Patch in Gentoo's CVS: http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/www-servers/thttpd/files/thttpd-2.25/fix-insecure-tmp-creation-CVE-2005-3124.diff
Thanks a lot for pointing this out, and for the links. Expect a fixed package for FC3, 4 & devel today.