On Wednesday 01 April 2009, Nico Golde wrote:
> it has come to our intention that the Debian package of xfig
> fixes some insecure temporary file creations in various
> places in xfig. I attached the patch.
Created attachment 187036: xfig-3.2.5-mkstemp.patch
pva, ping
The patch above is incomplete, see additional analysis by Tomas Hoger (RedHat): https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1962
Should be fixed in 3.2.5b. And well... Debian slacks even more since the hunk for u_print.c is still not there while we have everything in place. I'll try to open a bug since I have more to share with Roland, who does a great job for Debian.
Oh, and about stabilization. Too many changes there, so if possible I'd like to postpone it for one week. In any case xfig is better to be stabilized together with media-gfx/transfig-3.2.5c.
Week passed, no bugs opened. Arch teams, please, stabilize: media-gfx/xfig-3.2.5b media-gfx/transfig-3.2.5c
ppc64 done
Stable on alpha.
Stable for HPPA.
x86 stable
ia64/sparc stable
amd64 stable
Marked ppc stable.
GLSA Vote: No.
(In reply to comment #15)
> GLSA Vote: No.

Thank you. Closing noglsa.