Prepare lm-sensors DTSA

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2008 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Micah Anderson <micah@debian.org> 2005-09-15 22:36:11 +0000
committer: Micah Anderson <micah@debian.org> 2005-09-15 22:36:11 +0000
commit: a9b351d820ab58ba7f936673bc4f882fc76e0e6b (patch)
tree: a962f04ce08486cf4bbf5ba58f6683b39f984fdf /data/DTSA/advs
parent: e394eb9684382e1d42d8571fa3050e44885921d3 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/data/DTSA/advs/18-lm-sensors.adv b/data/DTSA/advs/18-lm-sensors.adv
new file mode 100644
index 0000000000..f496864618
--- /dev/null
+++ b/data/DTSA/advs/18-lm-sensors.adv
@@ -0,0 +1,19 @@
+source: lm-sensors
+date: September 15th, 2005
+author: Micah Anderson
+vuln-type: insecure temporary file
+problem-scope: local
+debian-specifc: no
+cve: CAN-2005-2672
+vendor-advisory: 
+testing-fix: lm-sensors_1:2.9.1-6etch1
+sid-fix: 1:2.9.1-7
+upgrade: apt-get install lm-sensors
+
+Javier Fernández-Sanguino Peña discovered that a script included in
+lm-sensors, used to read temperature/voltage/fan sensors, creates a temporary
+file with a predictable filename, leaving it vulnerable for a symlink
+attack.
+
+Note that this is the same set of security fixes put into stable in
+DSA-814-1.
author	Micah Anderson <micah@debian.org>	2005-09-15 22:36:11 +0000
committer	Micah Anderson <micah@debian.org>	2005-09-15 22:36:11 +0000
commit	a9b351d820ab58ba7f936673bc4f882fc76e0e6b (patch)
tree	a962f04ce08486cf4bbf5ba58f6683b39f984fdf /data/DTSA/advs
parent	e394eb9684382e1d42d8571fa3050e44885921d3 (diff)