Bug 534448 - <app-admin/augeas-1.3.0: Incomplete fix for CVE-2012-0786 (CVE-2013-6412)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B4 [noglsa cve]
Reported: 2015-01-03 16:28 UTC by GLSAMaker/CVETool Bot
Modified: 2016-10-14 13:42 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2015-01-03 16:28:38 UTC
CVE-2013-6412 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6412):
  The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0
  does not properly calculate the permission values when the umask contains a
  "7," which causes world-writable permissions to be used for new files and
  allows local users to modify the files via unspecified vectors.


Maintainer(s), this issue appears to be fixed in 1.2.0 and higher. Please bump to a non-vulnerable version and call for stabilization when ready.
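
The miscalculation described in the CVE text above, as an added C example (not code from this bug report or from Augeas): it assumes the flaw is subtracting the umask from 0666 instead of masking it out, which the report does not spell out. The function names, `NEW_FILE_BASE` and the sample umasks are constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#define NEW_FILE_BASE 0666  /* rw for everyone before the umask is applied */

/* Assumed flawed form: treats the umask as a number to subtract. A 7 in a
 * digit is larger than the 6 it is taken from, so the subtraction borrows
 * from the next digit and leaves bits set that the umask meant to clear. */
static mode_t mode_by_subtraction(mode_t umask_value) {
    return (NEW_FILE_BASE - umask_value) & 0777;
}

/* Corrected form: clear exactly the bits named by the umask. */
static mode_t mode_by_masking(mode_t umask_value) {
    return NEW_FILE_BASE & ~umask_value & 0777;
}

static int world_writable(mode_t mode) {
    return (mode & S_IWOTH) != 0;
}

/* Render the low nine permission bits as "rw-r-----". buf needs 10 bytes. */
static const char *perm_string(mode_t mode, char *buf) {
    const char flags[] = "rwxrwxrwx";
    for (int i = 0; i < 9; i++)
        buf[i] = (mode & (0400 >> i)) ? flags[i] : '-';
    buf[9] = '\0';
    return buf;
}

int main(void) {
    /* Constructed sample umasks: two common ones, three containing a 7. */
    const mode_t samples[] = { 0022, 0002, 0027, 0077, 0007 };
    char a[10], b[10];

    printf("umask  subtract          mask\n");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        mode_t bad = mode_by_subtraction(samples[i]);
        mode_t good = mode_by_masking(samples[i]);
        /* '*' marks a result that is world-writable. */
        printf("%04o   %04o %s%s  %04o %s\n", (unsigned)samples[i],
               (unsigned)bad, perm_string(bad, a),
               world_writable(bad) ? "*" : " ",
               (unsigned)good, perm_string(good, b));
    }
    return 0;
}
```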
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-01-05 22:40:00 UTC
please stabilize 1.3.0.

Note that it fails tests, but it fails tests in the same way 1.1.0 does, so I hope it isn't an issue.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-07-19 10:13:17 UTC
@arches, please stabilize the following:

=app-admin/augeas-1.5.0
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2016-07-23 06:45:04 UTC
Stable for HPPA.
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2016-07-26 11:03:43 UTC
Stable on alpha.
Comment 5 Agostino Sarubbo gentoo-dev 2016-07-28 08:43:59 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-07-28 14:09:10 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-09-29 09:35:49 UTC
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-09-29 12:36:35 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-09-29 13:29:12 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 10 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2016-09-30 03:48:42 UTC
oh, I cleaned this up 12 hours ago, removing myself from cc :D
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2016-10-14 13:42:13 UTC
GLSA Vote: No