| Summary: | app-text/uudeview <0.5.20-r1 Insecure Temporary File Creation (CVE-2008-2266) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | darkside, maintainer-needed |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/30171/ | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Robert Buchholz (RETIRED)
2008-05-15 15:16:10 UTC
rbu, Is this something that needs to be masked? I can volunteer to mask it if needed.

Nico ported a patch from Perl's Convert-UUlib to uudeview, it's available here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=uudeview.patch;att=1;bug=480972

So instead of masking, we can bump the package. Or are there other reasons we'd want to retire it from the tree?

Any news here?

*uudeview-0.5.20-r1 (28 Jul 2008)

  28 Jul 2008; Robert Buchholz <rbu@gentoo.org>
  -files/uudeview-0.5.18-optimize_size.patch,
  +files/uudeview-0.5.20-CVE-2004-2265.patch,
  +files/uudeview-0.5.20-CVE-2008-2266.patch,
  +files/uudeview-0.5.20-bugfixes.patch,
  +files/uudeview-0.5.20-man.patch,
  +files/uudeview-0.5.20-rename.patch,
  +uudeview-0.5.20-r1.ebuild:
  Non-maintainer bump
  Pull in source patches from Debian
  * Fix temporary file issue (CVE-2004-2265, CVE-2008-2266, bug #222275)
  * Update uudeview man page, include uuwish man page
  * Several bug fixes
  Other changes:
  * Remove dead 'debug' use flag
  * Remove old patch

Arches, please test and mark stable:
=app-text/uudeview-0.5.20-r1
Target keywords : "amd64 ppc sparc x86"

sparc/x86 stable

amd64 stable

ppc stable and ready for glsa voting

We issued GLSAs for such vulnerabilities, so I vote Yes.

Yes, combined with #224193.

GLSA 200808-11