Bug 184013

Summary:	net-firewall/fireflier 1.1.6 unsafe temp file usage (CVE-2007-2837)
Product:	Gentoo Security	Reporter:	Matt Drew (RETIRED) <aetius>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED WONTFIX
Severity:	enhancement	CC:	jaervosz, netmon
Priority:	High	Keywords:	PMASKED
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://secunia.com/advisories/25900/
Whiteboard:	B3 [noglsa] aetius
Package list:		Runtime testing required:	---
Bug Depends on:	178832
Bug Blocks:

Description Matt Drew (RETIRED) gentoo-dev

2007-07-02 19:19:59 UTC

Apparently fireflier isn't in development anymore, but Debian patched it.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2837
http://fireflier.sourceforge.net/

we could drop in their patch, or just mask it and remove it.  Bug 178832 is a current removal request, not sure what is happening there.

Comment 1 Matt Drew (RETIRED) gentoo-dev

2007-07-02 19:21:20 UTC

setting status.

Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-07-19 08:23:01 UTC

netmon, any news here?

Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-07-22 13:28:34 UTC

*** Bug 186223 has been marked as a duplicate of this bug. ***

Comment 4 Markus Ullmann (RETIRED) gentoo-dev

2007-07-24 20:18:24 UTC

Last Rites sent

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-07-25 05:28:30 UTC

Time to vote for a masking GLSA.

Comment 6 Matt Drew (RETIRED) gentoo-dev

2007-07-25 22:54:26 UTC

I vote no on the maskglsa, lets just let it die.

Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-07-26 15:20:06 UTC

Voting NO and setting to enhancement pending complete removal.

Comment 8 Ryan Hill (RETIRED) gentoo-dev

2007-07-26 18:08:58 UTC

i don't see last rites.  could you send them again?

Comment 9 Markus Ullmann (RETIRED) gentoo-dev

2007-09-05 19:15:23 UTC

Dropped after mask on 24 Jul