[Secure-testing-team] Bug#678189: packagekit-backend-aptcc: insecure tempfile use
Julien Cristau
jcristau at debian.org
Tue Jun 19 19:57:28 UTC 2012
Package: packagekit-backend-aptcc
Version: 0.7.4-4
Severity: grave
Tags: security
Justification: user security hole
/usr/share/PackageKit/helpers/aptcc/pkconffile uses a tempfile with a
fixed name in /tmp, which means anyone could create a
/tmp/pkconffile.templates symlink and have root trash the contents of
the linked file. You need to use mktemp (or File::Temp or however it's
called in Perl).
Cheers,
Julien
-- System Information:
Debian Release: wheezy/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages packagekit-backend-aptcc depends on:
ii app-install-data 2010.11.17
ii libapt-inst1.5 0.9.6
ii libapt-pkg4.12 0.9.6
ii libc6 2.13-33
ii libgcc1 1:4.7.1-1
ii libglib2.0-0 2.32.3-1
ii libgstreamer0.10-0 0.10.36-1
ii libstdc++6 4.7.1-1
ii libxml2 2.8.0+dfsg1-4
ii python 2.7.3~rc2-1
ii python-packagekit 0.7.4-4
Versions of packages packagekit-backend-aptcc recommends:
ii apt-xapian-index 0.45
ii packagekit 0.7.4-4
Versions of packages packagekit-backend-aptcc suggests:
ii gdebi-core 0.8.5
-- no debconf information
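
Added example (not part of the original report, and not the pkconffile helper's own code): a shell demonstration of the difference between writing to a fixed temporary name and using mktemp, run entirely inside a private sandbox directory. The function names, the "victim" file and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sandbox: everything happens in a private directory created by
# mktemp -d, never in the shared /tmp.

# Pattern from the report: a predictable name opened with ">".
# If that name is a symlink, the redirect follows it and truncates the target.
write_fixed_name() {
    dir=$1
    printf 'template data\n' > "$dir/pkconffile.templates"
}

# Pattern the report asks for: mktemp chooses an unpredictable name and
# creates the file exclusively, so a pre-existing file or symlink is never
# reused. The path of the new file is printed for the caller.
write_with_mktemp() {
    dir=$1
    tmp=$(mktemp "$dir/pkconffile.XXXXXXXXXX") || return 1
    printf 'template data\n' > "$tmp"
    printf '%s\n' "$tmp"
}

# Build the sandbox, place a symlink under the fixed name that points at a
# file holding known content, run one writer, and report whether the file
# behind the symlink still holds that content.
demo() {
    writer=$1
    sandbox=$(mktemp -d) || return 1
    printf 'important\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/pkconffile.templates"
    "$writer" "$sandbox" > /dev/null
    if [ "$(cat "$sandbox/victim")" = "important" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    printf '%s\n' "$result"
}

demo write_fixed_name
demo write_with_mktemp
```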