Bug 116908

Summary:	dev-tcltk/tkdiff: insecure temporary file creation
Product:	Gentoo Security	Reporter:	Carsten Lohrke (RETIRED) <carlo>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	tcltk
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	~3 [noglsa] jaervosz
Package list:		Runtime testing required:	---

Description Carsten Lohrke (RETIRED) gentoo-dev

2005-12-27 11:24:52 UTC

from DSA 927-1:

Package        : tkdiff
Vulnerability  : insecure temporary file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2005-3343

Javier Fern

Comment 1 Carsten Lohrke (RETIRED) gentoo-dev

2005-12-27 11:24:52 UTC

from DSA 927-1:

Package        : tkdiff
Vulnerability  : insecure temporary file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2005-3343

Javier Fernández-Sanguino Peña from the Debian Security Audit project
discovered that tkdiff, a graphical side by side "diff" utility,
creates temporary files in an insecure fashion.

[...]

patch: http://security.debian.org/pool/updates/main/t/tkdiff/tkdiff_4.0.2-1sarge0.diff.gz

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-12-27 12:14:32 UTC

tcltk please advise and update ebuild as necessary.

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2005-12-30 04:57:24 UTC

TCL/Tk herd, please patch.

Comment 4 MATSUU Takuto (RETIRED) gentoo-dev

2006-01-08 06:49:35 UTC

Added tk-4.1.1 in cvs and removed tk-4.0.2.

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-01-08 08:48:31 UTC

B rating apparently an error, as there appears to be no stable version of this package. Closing without GLSA.