107312 2005-09-26 12:12 0000 app-arch/arc: insecure temporary file creation 2005-10-04 05:56:00 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED B4 [noglsa] P2 minor --- 1 carlo@gentoo.org security@gentoo.org carlo@gentoo.org 2005-09-26 12:12:14 0000 http://www.zataz.net/adviso/arc-09052005.txt arc is missing a maintainer and metadata.xml carlo@gentoo.org 2005-09-26 12:13:50 0000 Created an attachment (id=69284) proposed-fix.patch Joey Schulze <joey@infodrom.org> replied on Bugtray proposing this patch. carlo@gentoo.org 2005-09-26 12:15:15 0000 *** This bug has been marked as a duplicate of 66251 *** carlo@gentoo.org 2005-09-26 12:15:57 0000 sorry, that one went wrong koon@gentoo.org 2005-09-27 00:32:07 0000 vapier/solar: no maintainer, care to apply the patch ? vapier@gentoo.org 2005-09-29 14:38:07 0000 (From update of attachment 69284) this patch is all mangled either way, there's a version upstream which is not in portage which has this fix vapier@gentoo.org 2005-09-29 15:22:03 0000 arc-5.21m now in portage koon@gentoo.org 2005-09-30 00:38:36 0000 Archs, please test and mark stable : Target KEYWORDS : "x86 ppc sparc alpha amd64 ppc64" ferdy@gentoo.org 2005-09-30 02:39:59 0000 alpha keyword for free !!!! Cheers, Ferdy gustavoz@gentoo.org 2005-09-30 10:11:03 0000 sparc stable. corsair@gentoo.org 2005-09-30 11:18:30 0000 stable on ppc64 hansmi@gentoo.org 2005-09-30 11:21:36 0000 Stable on ppc. blubb@gentoo.org 2005-09-30 13:09:46 0000 amd64 stable fuzzyray@gentoo.org 2005-09-30 13:19:37 0000 Stable on x86 koon@gentoo.org 2005-09-30 13:54:08 0000 Ready for GLSA vote koon@gentoo.org 2005-10-01 03:41:41 0000 This is information disclosure, not symlink. I tend to vote no. jaervosz@gentoo.org 2005-10-02 10:10:32 0000 I tend to vote NO too. koon@gentoo.org 2005-10-04 05:56:00 0000 Let's close it, since nobody else wants to vote... Please reopen if you disagree. 69284 2005-09-26 12:13 0000 proposed-fix.patch proposed-fix.patch text/plain LS0tIGFyY3N2Yy5jfsKgwqDCoDIwMDUtMDMtMTMgMTY6NDg6MDkuMDAwMDAwMDAwICswMTAwCisr KyBhcmNzdmMuY8KgwqDCoMKgMjAwNS0wOS0xNyAwOTo0MTo1MS4wMDAwMDAwMDAgKzAyMDAKQEAg LTE3LDYgKzE3LDkgQEAKwqDCoMKgwqDCoMKgwqDCoCBDb21wdXRlciBJbm5vdmF0aW9ucyBPcHRp bWl6aW5nIEM4NgrCoCovCsKgI2luY2x1ZGUgPHN0ZGlvLmg+CisjaW5jbHVkZSA8c3lzL3R5cGVz Lmg+CisjaW5jbHVkZSA8c3lzL3N0YXQuaD4KKyNpbmNsdWRlIDxmY250bC5oPgrCoCNpbmNsdWRl ICJhcmMuaCIKwqAjaWbCoMKgwqDCoF9NVFMKwqAjaW5jbHVkZSA8bXRzLmg+CkBAIC01Miw3ICs1 NSwxMiBAQCBvcGVuYXJjKGNoZynCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgLyog b3BlbiBhcmNoaXZlICovCsKgwqDCoMKgwqDCoMKgwqB9CsKgI2VuZGlmCsKgwqDCoMKgwqDCoMKg wqBpZiAoY2hnKSB7wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoC8qIGlmIG9wZW5pbmcgZm9y IGNoYW5nZXMgKi8KLcKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoGlmICghKG5ldyA9IGZv cGVuKG5ld25hbWUsIE9QRU5fVykpKQorwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgaW50 IGZkOworCivCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqBpZiAoKGZkID0gb3BlbihuZXdu YW1lLCBPX0NSRUFUfE9fRVhDTHxPX1JEV1IsIFNfSVJFQUR8U19JV1JJVEUpKSA9PSAtMSkKK8Kg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqBhcmNkaWUoIkNhbm5v dCBjcmVhdGUgYXJjaGl2ZSBjb3B5OiAlcyIsIG5ld25hbWUpOworCivCoMKgwqDCoMKgwqDCoMKg wqDCoMKgwqDCoMKgwqBpZiAoIShuZXcgPSBmZG9wZW4oZmQsIE9QRU5fVykpKQrCoMKgwqDCoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqBhcmNkaWUoIkNhbm5vdCBjcmVh dGUgYXJjaGl2ZSBjb3B5OiAlcyIsIG5ld25hbWUpOwrCoArCoMKgwqDCoMKgwqDCoMKgY2hhbmdp bmcgPSBjaGc7wqDCoMKgwqDCoMKgwqDCoMKgLyogbm90ZSBpZiBvcGVuIGZvciBjaGFuZ2VzICov Cg==