Hi, ed allows a local user to overwrite arbitrary files via a symlink attack. Fixed in ed-0.3. base-system team, please advise.
ed-0.4 now in portage
thanks vapier.... arches please test sys-apps/ed-0.4 and mark stable if possible
Please note that the open_sbuf() security issue mentioned in the CVE was fixed in the Gentoo version of ed more than 2 years ago, see bug #66400, bug #73858, and GLSA 200410-07. sys-apps/ed-0.2-r6 is definitely _not_ affected by the issue.
good catch, that indeed appears to be the case. vapier, could you confirm?
that does seem to be the case
sparc stable.
*** This bug has been marked as a duplicate of bug 66400 ***
arches, no need to mark this as stable now, Ulrich is right (comment #3). Thanks to him. Those who have already marked stable, you are free to decide what you prefer to do.
We'll just leave it stable and roll back if there's any problem with the newer version.
stable on hppa