Bug 133814 - net-misc/kphone: insecure file creation
Summary: net-misc/kphone: insecure file creation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B4 or ~4 [noglsa] Falco
Keywords:
Depends on:
Blocks:
 
Reported: 2006-05-19 14:36 UTC by Raphael Marichez (Falco) (RETIRED)
Modified: 2006-05-22 21:21 UTC

See Also:
Package list:
Runtime testing required: ---


Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-19 14:36:49 UTC
Hi,
this is very minor as for me.
However, Debian has just issued a DSA (1062-1)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337830

see http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1.diff.gz
for the patch from Debian

From CVE :
"kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords."
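An added illustration of the defect class named in the CVE text above; it is not kphone's code and not the Debian patch. It assumes a POSIX system, and the file name `kphonerc.example`, the helper names and the sample secret are constructed for the example. It shows how a credentials file can be checked for group/other access and written so that it ends up owner-only whatever the umask or the file's earlier mode was.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if group/others hold any permission bit, 0 if owner-only, -1 on error. */
int is_exposed(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) ? 1 : 0;
}

/* Write secrets so other local users cannot read them. A new file is
 * created 0600; a file left behind with a wider mode is tightened and
 * truncated before the secret is written. O_NOFOLLOW refuses a symlink. */
int write_private(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    /* open()'s mode argument only applies when the file is created. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 || ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    size_t len = strlen(data);
    ssize_t n = write(fd, data, len);
    if (close(fd) != 0 || n != (ssize_t)len)
        return -1;
    return 0;
}

int main(void)
{
    const char *path = "kphonerc.example";   /* constructed stand-in path */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return 1;
    fchmod(fd, 0644);                        /* simulate the exposed state */
    close(fd);
    printf("before: exposed=%d\n", is_exposed(path));
    if (write_private(path, "password=constructed-sample\n") != 0) return 1;
    printf("after:  exposed=%d\n", is_exposed(path));
    unlink(path);
    return 0;
}
```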
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-19 14:38:22 UTC
The question is worthy
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2006-05-20 11:59:06 UTC
<<< kphone-4.2-r1.ebuild

arch teams, your part of the procedure.
Comment 3 Mark Loeser (RETIRED) gentoo-dev 2006-05-20 21:46:30 UTC
x86 done
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-21 05:11:45 UTC
Thanks Carlo

Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2006-05-22 07:47:53 UTC
sparc stable.
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-05-22 11:30:23 UTC
ppc stable
Comment 7 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-22 13:01:52 UTC
Thanks everybody.

I vote no glsa.
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-22 13:53:15 UTC
I tend to say NO too.
Comment 9 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-22 21:21:49 UTC
another no and closing, feel free to reopen if you disagree