The following vulnerabilities were found by Jacub Jelinek in Midnight Commander : CAN-2004-0226 Buffer overflows CAN-2004-0231 Insecure temporary file and directory creations CAN-2004-0232 Format string problems No fix version, patches are backports from the CVS version. Already published advisories : http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:039 http://www.debian.org/security/2004/dsa-497
Koon, Do you have a patch put together that patches clean for gentoo?
I haven't a patch yet. I can try to derive one from the Mandrake advisory, but it will probably be unclean. Heinrich : can you try to build a patch from the mc CVS ? If not, I will try to put something together from the Mandrake sources... -K
sorry for taking so long, added the security patch and marked stable on x86, other arches please test
Adding arches -- please test and mark app-misc/mc-4.6.0-r7 stable.
Stable on alpha.
Didn't mean to close the bug.. :)
Stable on hppa & sparc.
Marked ppc
Stable on mips.
amd64, ia64 : please mark stable
stable on amd64
GLSA 200405-21