This is CVE-2010-2192. Attached is the patch from upstream.
From upstream:
"The solution is very simple: put the locks in /var/lib/pmount-locks.
As /var/lib is not world-writable, there is no risk of a user
intercepting /var/lib/pmount-locks before pmount creates it. This is
what the attached patch does, and the best thing is that there won't
even be needs for postinst scripts with this solution."
This is CVE-2010-2192. Attached is the patch from upstream.
From upstream: pmount- locks. pmount- locks before pmount creates it. This is
"The solution is very simple: put the locks in /var/lib/
As /var/lib is not world-writable, there is no risk of a user
intercepting /var/lib/
what the attached patch does, and the best thing is that there won't
even be needs for postinst scripts with this solution."