Package : joe
Problem type : symlink attack
The security fix for joe released on November 22, 2000 had a
problem: it created the DEADJOE file securily but didn't write
anything to it. This has been fixed in version 220.127.116.11 .
This is the text from the previous advisory:
When joe (Joe's Own Editor) dies due to a signal instead of a
normal exit it saves a list of the files it is editing to a file
called `DEADJOE' in its current directory. Unfortunately this
wasn't done safely which made joe vulnerable to a symlink
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.