Summary: | app-admin/gtkdiskfree <= 1.9.3 unsecure tmp file creation
---|---
Product: | Gentoo Security
Reporter: | Romang <zataz>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | minor
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
Whiteboard: | B3 [glsa]
Package list: |
Runtime testing required: | ---
Description
Romang
2005-09-02 02:16:40 UTC

Yes, obvious bug. He doesn't need a temp file to do that, popen returns a stream anyway, suggested quick fix attached.

Created attachment 67471
temp file fix

Let us know when upstream is aware.

Hello, Upstream seems to be down. http://gtkdiskfree.tuxfamily.org/ or http://gtkdiskfree.sourceforge.net/ Regards.

Hello, Email sent to vendor-sec@lst.de Regards.

Pulling in maintainer: Daniel, this is still non-public. Since upstream is dead, would you be in favor of patching or removing?

Hello, Released the 15/09/2005. You can open the bug. Thanks for your time and help. Regards.

Opening

morfic, your opinion?

at a glance the patch looks good to me

Not worth masking the package... Let's patch it, if we can find someone to do it... vapier: feel like it?

1.9.3-r1 now in portage

Archs, please test and mark stable...

Stable on ppc.

This is CAN-2005-2918

stable on ppc64

stable on x86

stable on amd64

Ready for GLSA vote

I tend to vote yes.

I tend to vote NO.

I would vote YES, as it's so easy to exploit.

Let there be a GLSA.

GLSA 200510-01
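
The point made in the first comment (popen() already returns a stream, so no temporary file is needed), as an added C example; it is not the attached patch and not gtkdiskfree's code. The function name `read_command_output`, the sample command `df -P` and the shape of the replaced pattern are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* popen/pclose */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/* Assumed shape of the pattern being replaced (the page does not show it):
 *   system("cmd > /tmp/fixed-name"); fp = fopen("/tmp/fixed-name", "r");
 * A fixed name in a world-writable directory can be pre-created or
 * symlinked by another local user before the program writes to it. */

/* Run cmd via the shell and return all of its stdout as a malloc'd,
 * NUL-terminated string read straight from the popen() pipe; no file is
 * created. *exit_code gets the command's exit code, or -1 if it did not
 * exit normally. Returns NULL on failure; the caller frees the result. */
char *read_command_output(const char *cmd, int *exit_code)
{
    FILE *fp = popen(cmd, "r");
    if (fp == NULL)
        return NULL;

    size_t cap = 4096, len = 0, n;
    char *buf = malloc(cap);
    while (buf != NULL && (n = fread(buf + len, 1, cap - len - 1, fp)) > 0) {
        len += n;
        if (cap - len <= 1) {               /* full: double the buffer */
            char *bigger = realloc(buf, cap * 2);
            if (bigger == NULL) { free(buf); buf = NULL; break; }
            buf = bigger;
            cap *= 2;
        }
    }
    if (buf != NULL && ferror(fp)) { free(buf); buf = NULL; }

    int status = pclose(fp);                /* always reap the child */
    if (buf == NULL || status == -1) { free(buf); return NULL; }
    buf[len] = '\0';
    *exit_code = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    return buf;
}

int main(void)
{
    int code;
    char *out = read_command_output("df -P", &code);  /* sample command */
    if (out == NULL) return 1;
    fputs(out, stdout);
    free(out);
    return code;
}
```

popen() runs the string through the shell, so pass only fixed command strings, never text built from untrusted input.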