Some security issues have been reported in Website META Language, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issues are caused due to insecure handling of temporary files in wml_backend/p1_ipp/ipp.src, wml_contrib/wmg.cgi, and wml_backend/p3_eperl/eperl_sys.c. This can be exploited via symlink attacks to overwrite or delete arbitrary files with the privileges of the user running the program. The security issues are reported in version 2.0.11. Other versions may also be affected. Solution: Restrict access to the temporary directory to trusted users only.
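The temporary-file weakness described in the report above, as an added C example that is not code from WML, the Debian patch, or anyone in this thread: it opens a predictable temporary path the weak way and the exclusive way, then checks whether a file behind a pre-existing symlink survives. The function names, file names and the sandbox directory under /tmp are assumptions made for the illustration.

```c
/* Added illustration; not taken from WML or the Debian patch. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak pattern: predictable name; follows an existing symlink and truncates its target. */
static int open_tmp_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: fails with EEXIST if anything, including a symlink, already sits at the path. */
static int open_tmp_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Regression check inside a private sandbox directory (all names constructed).
 * Returns 1 if the file behind the symlink was overwritten, 0 if intact, -1 on setup error. */
static int target_clobbered(int (*opener)(const char *)) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";
    char victim[128], tmp[128], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/important.txt", dir);
    snprintf(tmp, sizeof tmp, "%s/prog.1234.tmp", dir);  /* predictable temp name */

    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("keep", f);
    fclose(f);
    if (symlink(victim, tmp) != 0) return -1;  /* link already in place before the open */

    int fd = opener(tmp);
    if (fd >= 0) { ssize_t w = write(fd, "junk", 4); (void)w; close(fd); }

    f = fopen(victim, "r");
    if (f) { size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f); }
    unlink(tmp); unlink(victim); rmdir(dir);
    return strcmp(buf, "keep") != 0;
}

int main(void) {
    printf("predictable open: clobbered=%d\n", target_clobbered(open_tmp_predictable));
    printf("exclusive open:   clobbered=%d\n", target_clobbered(open_tmp_exclusive));
    return 0;
}
```

When the name does not have to be fixed, mkstemp(3) combines an unpredictable name with the same exclusive create.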
Here's the patch, courtesy of Debian: http://people.debian.org/~nion/nmu-diff/wml-2.0.11-3_2.0.11-3.1.patch Hans, please bump.
Apologies for the delay: vacations and real life have been getting in the way. I hope to be able to get to it this weekend at the latest.
Hans, that sounds fine. Next time just post an update the first time so we know what to do :-)
The attached patch seems to break wml... I'll see what I can do over the weekend, but this does change the level of work needed.
I've just added wml-2.0.11-r3 to the tree with a reworked version of the Debian patch. I'd like to give it a few days as unstable to catch any remaining bugs.
No bug reports so far and seems to work fine on my own sites. I think we can mark this stable now.
Arches, please test and mark stable: =dev-lang/wml-2.0.11-r3 Target keywords : "amd64 ia64 ppc release s390 sparc x86"
ppc stable
x86 stable
ia64/sparc stable
amd64 stable
Fixed in release snapshot.
Ready for vote. I vote YES.
yes too, request filed.
GLSA 200803-23