Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 537594 - <sys-devel/patch-2.7.3: directory traversal via file rename
Summary: <sys-devel/patch-2.7.3: directory traversal via file rename
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A4 [noglsa]
Keywords:
Depends on: CVE-2015-1196
Blocks:
  Show dependency tree
 
Reported: 2015-01-24 20:11 UTC by Agostino Sarubbo
Modified: 2015-03-17 08:51 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-01-24 20:11:00 UTC 
From ${URL} :

There is a directory traversal flaw via file rename.

It was reported to the Debian BTS as #775873[1] and is different from
#775227, which was a directory traversal via symlinks and got
CVE-2015-1196.

 [1] https://bugs.debian.org/775873
 [2] https://savannah.gnu.org/bugs/?44059


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2015-01-27 12:31:28 UTC 
This is fixed in =sys-devel/patch-2.7.3. Stabilization of that version is handled in bug #536614.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2015-03-17 03:52:00 UTC 
Maintainer(s), Thank you for you for cleanup.

GLSA Vote: No
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-03-17 08:51:16 UTC 
GLSA vote: no.

Closing as [noglsa]