On Sat, 7 Sep 2002, Julio Merino wrote: > Our current textproc/scrollkeeper includes version 0.2 of this program. I don't know about impact of updating. But scrollkeeper has a security issue: "A local user could create a symbolic link from a temporary file name to another critical file on the system." Some root exploits are available. http://securitytracker.com/alerts/2002/Sep/1005168.html http://lists.gentoo.org/pipermail/gentoo-security/2002-September/000160.html http://online.securityfocus.com/archive/1/290090/2002-09-01/2002-09-07/0 http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2002-0662 (empty) http://www.debian.org/security/2002/dsa-160 http://www.linuxsecurity.com/advisories/redhat_advisory-2323.html I read that the tempfile vulnerability is for all versions of ScrollKeeper between 0.3 and 0.3.11. The sourceforge webpage doesn't seem to say anything about it though. I found a patch at Debian's site (which patched other Debian-specific stuff too.) I don't know scrollkeeper. Jeremy C. Reed http://www.reedmedia.net/