Bug 49990 - app-misc/mc : multiple vulnerabilities
Summary: app-misc/mc : multiple vulnerabilities
Status: VERIFIED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Reported: 2004-05-04 10:05 UTC by Thierry Carrez (RETIRED)
Modified: 2009-08-05 11:25 UTC

Description Thierry Carrez (RETIRED) gentoo-dev 2004-05-04 10:05:25 UTC
The following vulnerabilities were found by Jakub Jelinek in Midnight Commander:

CAN-2004-0226 Buffer overflows
CAN-2004-0231 Insecure temporary file and directory creations
CAN-2004-0232 Format string problems

No fix version, patches are backports from the CVS version.

Already published advisories:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:039
http://www.debian.org/security/2004/dsa-497
Comment 1 solar (RETIRED) gentoo-dev 2004-05-04 10:52:30 UTC
Koon,
Do you have a patch put together that patches clean for gentoo?
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-05-04 11:31:27 UTC
I haven't a patch yet. I can try to derive one from the Mandrake advisory, but it will probably be unclean.

Heinrich: can you try to build a patch from the mc CVS? If not, I will try to put something together from the Mandrake sources...

-K
Comment 3 Heinrich Wendel (RETIRED) gentoo-dev 2004-05-08 03:34:53 UTC
sorry for taking so long, added the security patch and marked stable on x86, other arches please test
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-05-09 11:12:25 UTC
Adding arches -- please test and mark app-misc/mc-4.6.0-r7 stable.
Comment 5 Bryan Østergaard (RETIRED) gentoo-dev 2004-05-09 13:49:25 UTC
Stable on alpha.
Comment 6 Bryan Østergaard (RETIRED) gentoo-dev 2004-05-09 13:50:20 UTC
Didn't mean to close the bug.. :)
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2004-05-09 14:30:38 UTC
Stable on hppa & sparc.
Comment 8 Luca Barbato gentoo-dev 2004-05-10 05:19:18 UTC
Marked ppc
Comment 9 Joshua Kinard gentoo-dev 2004-05-14 20:15:47 UTC
Stable on mips.
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2004-05-21 00:56:34 UTC
amd64, ia64: please mark stable
Comment 11 Heinrich Wendel (RETIRED) gentoo-dev 2004-05-24 05:29:05 UTC
amd64, ia64: please mark stable
Comment 12 Jason Huebel (RETIRED) gentoo-dev 2004-05-25 11:27:05 UTC
stable on amd64
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2004-05-26 10:41:52 UTC
GLSA 200405-21