| Summary: | app-text/acroread <8.1.2-r1 Tempfile race condition (CVE-2008-0883) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | printing |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://thread.gmane.org/gmane.comp.security.oss.general/61 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-03-05 11:06:34 UTC
Created attachment 145339
acroread-CVE-2008-0883.patch

This patch only applies to the "en" variant of the script, depending on linguas, other files might need to be patched. Printing, can you please also advise on the library situation?

(In reply to comment #2)
> This patch only applies to the "en" variant of the script, depending on
> linguas, other files might need to be patched.

Fixed this in acroread-8.1.2-r1 via sed command in the ebuild.

> Printing, can you please also advise on the library situation?

Not fixed yet, I will open a new bug about this.

Unfortunately, that sed call will not fail unless the referenced file is missing, which should not happen. But Adobe will probably fix this in their next release anyway.

What's your ETA on the libraries, i.e. call arches now or after a fix?

(In reply to comment #4)
> Unfortunately, that sed call will not fail unless the referenced file is
> missing, which should not happen. But Adobe will probably fix this in their
> next release anyway.
>
> What's your ETA on the libraries, i.e. call arches now or after a fix?

No ETA yet since not all libraries are available on amd64 in 32bit anyway, I'd say call the arches now to get the actual security bug fixed version stable so we have some time to look into the library situation.

Thanks, when you open a new bug for the lib situation, please cc security@

Arches, please test and mark stable:
=app-text/acroread-8.1.2-r1
Target keywords : "amd64 release x86"

x86 stable

amd64 stable (last arch)

Fixed in release snapshot.

Time for GLSA decision. I vote YES.

I vote YES, also.

GLSA 200803-26
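The thread notes that the ebuild's sed call cannot fail unless the file is missing, so a security fix applied that way can silently stop applying when upstream changes the script. The following is an added example, not the ebuild's code or anything attached to this bug: a wrapper that returns an error when the substitution changes nothing. The function name `strict_sed`, the launcher line and the sed expression are constructed placeholders.

```sh
#!/bin/sh
# Added example: make a sed-based fix fail loudly when it no longer applies.
# The launcher line and sed expression are constructed placeholders, not the
# real acroread script or the ebuild's actual sed command.

# strict_sed SCRIPT FILE: apply SCRIPT to FILE in place.
# Returns 0 if FILE changed, 1 if the edit changed nothing,
# 2 if FILE is missing or sed itself failed.
strict_sed() {
    script=$1 file=$2
    [ -f "$file" ] || { echo "strict_sed: $file missing" >&2; return 2; }
    # mktemp creates the scratch file atomically with an unpredictable name.
    tmp=$(mktemp "${TMPDIR:-/tmp}/strict_sed.XXXXXX") || return 2
    if ! sed -e "$script" "$file" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"
        echo "strict_sed: '$script' changed nothing in $file" >&2
        return 1
    fi
    # Overwrite the content in place so FILE keeps its mode and ownership.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Demo on a constructed one-line "launcher" file.
demo_dir=$(mktemp -d)
printf 'tmpfile=/tmp/placeholder.$$\n' > "$demo_dir/launcher"
fix='s|^tmpfile=.*|tmpfile=$(mktemp)|'
strict_sed "$fix" "$demo_dir/launcher" && echo "first run: patched"
strict_sed "$fix" "$demo_dir/launcher" || echo "second run: rejected (status $?)"
rm -rf "$demo_dir"
```

In an ebuild the non-zero status would be turned into a build failure, so a release in which the pattern no longer matches is noticed at build time instead of shipping unpatched.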