Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 184013 - net-firewall/fireflier 1.1.6 unsafe temp file usage (CVE-2007-2837)
Summary: net-firewall/fireflier 1.1.6 unsafe temp file usage (CVE-2007-2837)
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/25900/
Whiteboard: B3 [noglsa] aetius
Keywords: PMASKED
: 186223 (view as bug list)
Depends on: 178832
Blocks:
  Show dependency tree
 
Reported: 2007-07-02 19:19 UTC by Matt Drew (RETIRED)
Modified: 2007-09-05 19:15 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Drew (RETIRED) gentoo-dev 2007-07-02 19:19:59 UTC 
Apparently fireflier isn't in development anymore, but Debian patched it.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2837
http://fireflier.sourceforge.net/

we could drop in their patch, or just mask it and remove it.  Bug 178832 is a current removal request, not sure what is happening there.
Comment 1 Matt Drew (RETIRED) gentoo-dev 2007-07-02 19:21:20 UTC 
setting status.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-19 08:23:01 UTC 
netmon, any news here?
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-22 13:28:34 UTC 
*** Bug 186223 has been marked as a duplicate of this bug. ***
Comment 4 Markus Ullmann (RETIRED) gentoo-dev 2007-07-24 20:18:24 UTC 
Last Rites sent
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-25 05:28:30 UTC 
Time to vote for a masking GLSA.
Comment 6 Matt Drew (RETIRED) gentoo-dev 2007-07-25 22:54:26 UTC 
I vote no on the maskglsa, lets just let it die.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-26 15:20:06 UTC 
Voting NO and setting to enhancement pending complete removal.
Comment 8 Ryan Hill (RETIRED) gentoo-dev 2007-07-26 18:08:58 UTC 
i don't see last rites.  could you send them again?
Comment 9 Markus Ullmann (RETIRED) gentoo-dev 2007-09-05 19:15:23 UTC 
Dropped after mask on 24 Jul