Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5704 to the following vulnerability: src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380. References: http://openwall.com/lists/oss-security/2008/12/17/15 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597
Modified upstream to create temporary directory using mkdtemp: http://gpsdrive.svn.sourceforge.net/viewvc/gpsdrive?view=rev&revision=2236
We don't ship the 2.10* versions anywhere yet. ;) We only have 2.09. So, I assume we can just close this one?
(In reply to comment #2) > We don't ship the 2.10* versions anywhere yet. ;) > We only have 2.09. Sigh, my bad. I must have failed to check this against current Fedora pakcages. This really seem to have been added post-2.09 (wow, last changelog message in 2.09 is from 2004, so the file is not included, even though it's in SVN for more than 3 years now). > So, I assume we can just close this one? Sure.
reverting accidental whiteboard change