comix (3.6.4-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Apply patch by Mamoru Tasaka to fix arbitrary code execution
via crafted file names because of passing the filename directly
to string concatenation used in os.popen (CVE-2008-1568; Closes: #462840).
* Apply patch by Mamoru Tasaka to use empfile.mkdtemp() to enable comix
for multi-user environments and thus prevent a race condition in /tmp
without a real security impact (Closes: #462836).
-- Stefan Ebner <email address hidden> Tue, 08 Apr 2008 06:53:31 +0100