Bug#349838: [SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use

Niko Tyni ntyni at iki.fi
Tue Jan 31 11:43:11 UTC 2006

On Tue, Jan 31, 2006 at 11:14:37AM +0100, Martin Schulze wrote:

> Package        : libmail-audit-perl
> Vulnerability  : insecure temporay file createion
> Problem type   : local
> Debian-specific: no
> CVE ID         : CVE-2005-4536
> Debian Bug     : 344029
> Niko Tyni discovered that the Mail::Audit module, a Perl library for
> creating simple mail filters, logs to a temporary file with a
> predictable filename in an insecure fashion when logging is turned on,
> which is not the case by default.
> For the old stable distribution (woody) these problems have been fixed in
> version 2.0-4woody1.
> For the stable distribution (sarge) these problems have been fixed in
> version 2.1-5sarge1.

Hi security team,

unfortunately there's an error in the sarge package:

% perl -c /usr/share/perl5/Mail/Audit/MimeEntity.pm
syntax error at /usr/share/perl5/Mail/Audit/MimeEntity.pm line 8, near "use MIME::Parser"
/usr/share/perl5/Mail/Audit/MimeEntity.pm had compilation errors.

ii  libmail-audit-perl        2.1-5sarge1               Perl library for creating easy mail filters

Don's patch in #344029 had a typo (missing semicolon). See #349838 for the fix.

Apologies; we should have Cc'd the patch to security@ .
Niko Tyni	ntyni at iki.fi

More information about the pkg-perl-maintainers mailing list