A Debian bug report [1] notes that Gource creates its log file with a predictable name (/tmp/gource-$(UID).tmp), which a malicious user could use to overwrite arbitrary files via a symlink attack, with the privileges of the user running Gource. Fedora 12 and higher contain Gource and are affected by this issue. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958
Created gource tracking bugs for this issue Affects: fedora-12 [bug 582782]
Reported upstream as issue #65: http://code.google.com/p/gource/issues/detail?id=65
Fix that went upstream: http://git.debian.org/?p=collab-maint/gource.git;a=patch;h=5aa2c8adfbe0ec3e5d802bfae8e5572562d911c7 This is also included in gource-0.26b. I'll rebase to it for rawhide and possibly F-13 and backport the patch for F-12.
Built backport for rawhide: http://koji.fedoraproject.org/koji/buildinfo?buildID=167217 Now we push.
gource-0.24-3.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/gource-0.24-3.fc12
gource-0.24-3.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/gource-0.24-3.fc13
gource-0.24-3.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
gource-0.24-3.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
Closing. This is already in stable -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers