| Summary: | media-gfx/comix <3.6.4-r1 Input filename command execution, file overwrite (CVE-2008-1568, CVE-2008-1796) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | graphics+disabled, vanquirius |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840 | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-04-01 13:03:13 UTC
See also here for an upstream comment: https://bugzilla.redhat.com/show_bug.cgi?id=430635#c1

Quoting Tomas Hoger:

> Additionally, comix seems to use python's tarfile module to extract tar archives. This module has known directory traversal issues (CVE-2007-4559), which were never fixed upstream. Tar archive with malicious content can be used to overwrite arbitrary file writable by user running comix.

I grabbed two patches from fedora ( http://cvs.fedora.redhat.com/viewcvs/rpms/comix/F-8/ ) and added media-gfx/comix-3.6.4-r1 to the tree. This will hopefully fix this problem.

Looks good, thank you.

Arches, please test and mark stable: =media-gfx/comix-3.6.4-r1
Target keywords : "amd64 ppc release x86"

x86 stable

amd64 stable

ppc stable

Fixed in release snapshot. GLSA request filed.

CVE-2008-1796 has been assigned to the tempfile issue, which was fixed with the other patch.

GLSA 200804-29
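The traversal Tomas Hoger describes above comes from extracting archive members whose paths (or link targets) resolve outside the destination directory. As an added illustration, not code from comix, Fedora's patches or this bug report, the following Python check vets members before anything is written; the sample archive and the `/tmp/comix-extract` destination are constructed for the example.

```python
import io
import os
import tarfile


def member_escapes(member: tarfile.TarInfo, dest: str) -> bool:
    """True if extracting `member` would write to, or link to, a path outside `dest`."""
    root = os.path.realpath(dest)

    def inside(path: str) -> bool:
        # os.path.join drops `root` when `path` is absolute, so absolute names fail too
        resolved = os.path.realpath(os.path.join(root, path))
        return os.path.commonpath([root, resolved]) == root

    if not inside(member.name):
        return True
    if member.issym():
        # a symlink target resolves relative to the entry's own directory
        return not inside(os.path.join(os.path.dirname(member.name), member.linkname))
    if member.islnk():
        # a hard link target is relative to the archive root
        return not inside(member.linkname)
    return False


def vet_archive(data: bytes, dest: str):
    """Split archive members into (safe, rejected) name lists without extracting."""
    safe, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            (rejected if member_escapes(m, dest) else safe).append(m.name)
    return safe, rejected


def build_sample_archive() -> bytes:
    """Constructed sample archive: one normal page plus three escaping entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("page1.jpg", "../../.bashrc", "/etc/passwd"):
            info = tarfile.TarInfo(name)
            info.size = 1
            tar.addfile(info, io.BytesIO(b"x"))
        link = tarfile.TarInfo("link")        # symlink pointing above the destination
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    print(vet_archive(build_sample_archive(), "/tmp/comix-extract"))
```

Only the names returned in the safe list would be passed on to extraction; the rejected ones are the entries a stock `extractall()` of that era would have written outside the target directory.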