sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file. http://lists.debian.org/debian-devel/2008/08/msg00347.html http://uvw.ru/report.sid.txt
Created geda-gnetlist tracking bugs for this issue CVE-2008-5148 Affects: F8 [bug #472114] CVE-2008-5148 Affects: F9 [bug #472115] CVE-2008-5148 Affects: Fdevel [bug #472116]
geda-gnetlist-20080929-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.