| Summary: | media-gfx/fbida: insecure temp. file creation (CVE-2006-1695) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Raphael Marichez (Falco) (RETIRED) <falco> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | spock |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/19559/ | | |
| Whiteboard: | B3 [glsa] Falco | | |
| Package list: | | Runtime testing required: | --- |

Description
Raphael Marichez (Falco) (RETIRED)
2006-04-10 05:34:19 UTC
patch proposed from Debian http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361370

> # tmp dir > -DIR="${TMPDIR-/var/tmp}/fbps-$$" > -mkdir -p $DIR || exit 1 > +DIR=`mktemp -dtp /tmp fbgs-XXXXXX` > +[ -d $DIR ] || exit 1

spock, please bump with provided patch

Done, the patch is included in -r3. x86 please test and mark stable.

I might be wrong, but fbida-2.03-r2 is marked stable for ppc64, and -r2 is vulnerable. So ppc64 has to test fbida-2.03-r3 and mark it stable too, thank you in advance.

it was committed straight so stable on ppc64... anyway.. seems to build and run just fine.

np, thank you corsair

x86 is done \(^.^)/

OK; glsa? I tend to vote "yes" (we have already provided several glsas concerning such symlink attacks and B3)

I tend to vote YES.

Half yes here too. One more look please

another half yes

thanks to jaervosz for the CVE reference

Thx Falco. GLSA 200604-13 is out.
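
Review bot: In the added `[ -d $DIR ] || exit 1` line of the quoted Debian patch, `$DIR` is unquoted, so if `mktemp` fails and leaves `DIR` empty the test collapses to `[ -d ]`, which evaluates true, and the script continues with an empty `DIR` instead of exiting. Quote the variable as `[ -d "$DIR" ] || exit 1`, or put `|| exit 1` directly on the `mktemp` assignment line so its exit status is checked. The removed line honoured `$TMPDIR` with a `/var/tmp` default while the new one names `/tmp` explicitly; a short comment in the script on that change of location would help anyone relying on the old behaviour.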