| Summary: | media-video/mpeg-tools is full of insecure tempfile usage | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | SpanKY <vapier> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [glsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |

Description
SpanKY
2005-09-26 17:37:29 UTC
i've added mpeg-tools-1.5b-r2 (KEYWORD-ed -* for now) with three patches: mpeg-tools-1.5b-tempfile-convert.patch, mpeg-tools-1.5b-tempfile-mpeg-encode.patch, mpeg-tools-1.5b-tempfile-tests.patch

i was able to test the ppm convert utilities, but i have no idea how to test the jmovie or vid ones ;)

i tested most of the rewritten tests and it produces same results as unpatched mpeg_tools

the mpeg-encode patch i really have no idea how to test ...

x86 please test and mark stable.

stable on x86

Amd64 arch team: could you add the ~amd64 keyword to benefit from the update?

Let's have a GLSA vote while waiting for amd64. I tend to vote YES.

i'd vote yes too since this can be triggered by doing `emerge mpeg-tools` and user has 'FEATURES=test' in make.conf :/

I vote YES too.

Still waiting on amd64 to mark 1.5b-r2 ~amd64

Fwded to vendor-sec, CAN number asked.

amd64 stable

This is CAN-2005-3115

GLSA 200510-02