Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
View Bug Activity | Format For Printing | XML | Clone This Bug
According to http://lists.gnu.org/archive/html/emacs-devel/2007-10/msg00132.html there might be a "temp file hole" in Emacs functions tramp-make-temp-file and tramp-make-tramp-temp-file. Affected ebuilds: =app-editors/emacs-cvs-22.1.50_p20070829 (CVS snapshot) =app-editors/emacs-cvs-23.0.0-r7 (live CVS, hardmasked) =app-editors/emacs-cvs-23.0.50 (live CVS) =app-emacs/tramp-2.1.10-r1 (stable) I have verified that app-editors/emacs and <app-emacs/tramp-2.1 are _not_ affected by the problem.
(In reply to comment #0) > =app-editors/emacs-cvs-22.1.50_p20070829 (CVS snapshot) Can be masked, we want it in the tree as reference because shortly after big changes were introduced into upstream's tree. Patch it? > =app-editors/emacs-cvs-23.0.0-r7 (live CVS, hardmasked) > =app-editors/emacs-cvs-23.0.50 (live CVS) Will regulate itself by upstream, we can do a revision bump to force users to upgrade. > =app-emacs/tramp-2.1.10-r1 (stable) Will be patched by us. > I have verified that app-editors/emacs and <app-emacs/tramp-2.1 are _not_ > affected by the problem. And you even filed it faster than me! Here I propose B3 as severity, because confidential information can leak.
Upstream has committed a patch to their CVS, and I have backported it to app-emacs/tramp-2.1.10 and app-editors/emacs-cvs-22.1.50_p20070829. I still have to do some more testing, but I hope I can commit new ebuilds for both this evening.
Current status: =app-editors/emacs-cvs-22.1.50_p20070829 fixed in -r1 =app-editors/emacs-cvs-23.0.0-r7 live CVS, not yet fixed, hardmasked =app-editors/emacs-cvs-23.0.50 live CVS, was fixed by upstream security team: asking you for advice, is a revbump needed here? =app-emacs/tramp-2.1.10-r1 fixed in -r2 Arch teams: Please stabilise app-emacs/tramp-2.1.10-r2 Test plan: <http://overlays.gentoo.org/proj/emacs/wiki/test%20plans>
(In reply to comment #3) > Arch teams: Please stabilise app-emacs/tramp-2.1.10-r2 > Test plan: <http://overlays.gentoo.org/proj/emacs/wiki/test%20plans> ppc stable
x86 stable
alpha/sparc stable
amd64 stable
app-emacs/tramp-2.1.10-r1 removed. Everything fixed (or hardmasked) now.
Your typical insecure temp file creation bug, I vote yes for GLSA.
voting yes too, and request filed.
Vulnerable versions: app-emacs-tramp <2.1.10-r2 Unaffected versions: app-emacs/tramp <2.1, >=2.1.10-r2 app-editors/emacs-cvs never had any stable version.
GLSA 200710-22
Just to be explicit about this: app-xemacs/tramp-1.37 is based on tramp 2.0.55 and thus not affected by this bug. When a new version of app-xemacs/tramp is generated upstream we (=xemacs herd) should check that this is not based on a version that has this issue.
