98004 – mail-client/kcheckgmail <= 0.5.1 insecure temporary file creation

Bug 98004 - mail-client/kcheckgmail <= 0.5.1 insecure temporary file creation

Summary: mail-client/kcheckgmail <= 0.5.1 insecure temporary file creation

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Auditing (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-07-05 07:02 UTC by Romang
Modified:	2007-01-06 16:59 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Romang 2005-07-05 07:02:40 UTC

Hello,

Take a look at :

src/gmail.cpp

21 // define this symbol if you want to write incoming HTML to disc
22 #undef DUMP_HTML
23 #define DUMP_HTML_FILE "/tmp/gmail.html"

300 #ifdef DUMP_HTML
301                 QFile f(DUMP_HTML_FILE);
302                 
303                 f.open( IO_WriteOnly | IO_Append );
304                 
305                 QTextStream stream(&f);
306                 stream << mPageBuffer;
307                 stream << endl << "##################### END DUMP" << endl
308                         << endl;
309 
310                 f.close();
311 #endif

Regards

Comment 1 Tavis Ormandy (RETIRED) gentoo-dev

2005-07-05 07:09:35 UTC

Please report this issue upstream, as this looks like dead debugging code in our 
package.