Package : joe
Problem type : symlink attack
The security fix for joe released on November 22, 2000 had a
problem: it created the DEADJOE file securily but didn't write
anything to it. This has been fixed in version 220.127.116.11 .
This is the text from the previous advisory:
When joe (Joe's Own Editor) dies due to a signal instead of a
normal exit it saves a list of the files it is editing to a file
called `DEADJOE' in its current directory. Unfortunately this
wasn't done safely which made joe vulnerable to a symlink
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and