Summary: | media-video/nvclock: insecure temporary file usage (CVE-2007-3531) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Tavis Ormandy (RETIRED) <taviso> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | normal | CC: | brebs, cornmander, malverian | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | B1? [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Tavis Ormandy (RETIRED)
2007-07-03 10:04:50 UTC
Created attachment 123751 [details, diff]
use $HOME/.nvclock instead of /tmp/nvclock
this is CVE-2007-3531 I went ahead and fixed it, as there is no maintainer. x86: please test and mark stable nvclock-0.7-r2 x86 stable Okay, we're ready for a glsa vote. I'm tempted to vote YES, as arbitrary code execution is possible. tend to say yes here, too. Voting YES. let's GLSA 200707-08 then |