Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 381760 Details for
Bug 504898
<sys-libs/readline-6.3_p3 : insecure temporary file use in _rl_tropen() (CVE-2014-2524)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
readline-6.3-CVE-2014-2524.patch
readline-6.3-CVE-2014-2524.patch (text/plain), 796 bytes, created by
Andrey Ovcharov
on 2014-07-29 06:41:48 UTC
(
hide
)
Description:
readline-6.3-CVE-2014-2524.patch
Filename:
MIME Type:
Creator:
Andrey Ovcharov
Created:
2014-07-29 06:41:48 UTC
Size:
796 bytes
patch
obsolete
> READLINE PATCH REPORT > ===================== > >Readline-Release: 6.3 >Patch-ID: readline63-003 > >Bug-Reported-by: >Bug-Reference-ID: >Bug-Reference-URL: > >Bug-Description: > >There are debugging functions in the readline release that are theoretically >exploitable as security problems. They are not public functions, but have >global linkage. > >--- util.c.orig 2014-06-10 10:07:35.348027155 -0400 >+++ util.c 2014-06-10 10:07:38.248035226 -0400 >@@ -476,6 +476,7 @@ _rl_savestring (s) > return (strcpy ((char *)xmalloc (1 + (int)strlen (s)), (s))); > } > >+#if defined (DEBUG) > #if defined (USE_VARARGS) > static FILE *_rl_tracefp; > >@@ -538,6 +539,7 @@ _rl_settracefp (fp) > _rl_tracefp = fp; > } > #endif >+#endif /* DEBUG */ > > > #if HAVE_DECL_AUDIT_USER_TTY && defined (ENABLE_TTY_AUDIT_SUPPORT)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=381760">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 504898
: 381760
