Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 22972 - app-text/noweb
Summary: app-text/noweb
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Highest critical (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-06-17 00:47 UTC by Daniel Ahlberg (RETIRED)
Modified: 2003-06-28 13:52 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Ahlberg (RETIRED) gentoo-dev 2003-06-17 00:47:56 UTC 
[SECURITY] [DSA-323-1] New noweb packages fix insecure temporary file creation 
 
From:  
Matt Zimmerman <mdz@debian.org> 
 
 
To:  
debian-security-announce@lists.debian.org 
 
 
Date:  
Today 04.07.00 
 
 
 
Message was signed with unknown key 0x43E25D1E. 
The validity of the signature cannot be verified. 
 
 
-------------------------------------------------------------------------- 
Debian Security Advisory DSA 323-1                     security@debian.org 
http://www.debian.org/security/                             Matt Zimmerman 
June 16th, 2003                         http://www.debian.org/security/faq 
-------------------------------------------------------------------------- 
 
Package        : noweb 
Vulnerability  : insecure temporary files 
Problem-Type   : local 
Debian-specific: no 
CVE Id         : CAN-2003-0381 
 
Jakob Lell discovered a bug in the 'noroff' script included in noweb 
whereby a temporary file was created insecurely.  During a review, 
several other instances of this problem were found and fixed.  Any of 
these bugs could be exploited by a local user to overwrite arbitrary 
files owned by the user invoking the script.
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-06-28 13:52:19 UTC 
glsa sent