Bug 235808 (CVE-2008-4935)

Comment 1 Christian Hoffmann (RETIRED) 2008-08-26 19:28:55 UTC

Confirmed in version 1.3.0_rc1. File: /usr/bin/asciiview
Line 6: rm $file
Line 10, 70, 73: Piping output to $file
Line 59: mkfifo $file (will probably just fail if already existing, program execution continues anyway)

Comment 2 Christian Hoffmann (RETIRED) 2008-08-26 19:32:18 UTC

No patch from Debian yet.
This package is maintained-needed.

Comment 3 Santiago M. Mola (RETIRED) 2008-09-11 18:52:37 UTC

Created attachment 165209 [details, diff]
02_tmp_creation.patch

Debian patched it.

Comment 4 Robert Buchholz (RETIRED) 2008-09-13 19:11:45 UTC

*aview-1.3.0_rc1-r1 (13 Sep 2008)

  13 Sep 2008; Robert Buchholz <rbu@gentoo.org>
  +files/aview-1.3.0_rc1-includes.patch,
  +files/aview-1.3.0_rc1-tmp_creation.patch, +aview-1.3.0_rc1-r1.ebuild:
  Non-maintainer bump:
  Fix insecure temporary file creation in asciiview (bug #235808)

Comment 5 Robert Buchholz (RETIRED) 2008-09-14 11:26:36 UTC

Arches, please test and mark stable:
=media-gfx/aview-1.3.0_rc1-r1
Target keywords : "amd64 ppc x86"

Comment 6 Santiago M. Mola (RETIRED) 2008-09-17 11:13:55 UTC

amd64 stable

Comment 7 Raúl Porcel (RETIRED) 2008-09-17 11:29:51 UTC

http://www.shatters.net/~claurel/celestia/images/moon-ls-140.pnm <- file to test

x86 stable

Comment 8 Tobias Scherbaum (RETIRED) 2008-09-19 18:57:11 UTC

ppc stable

Comment 9 Pierre-Yves Rofes (RETIRED) 2008-09-19 19:59:49 UTC

GLSA decision, voting YES.

Comment 10 Tobias Heinlein (RETIRED) 2008-09-22 12:40:09 UTC

YES too, request filed.

Comment 11 Tobias Heinlein (RETIRED) 2008-12-14 00:45:40 UTC

GLSA 200812-14, thanks everyone, sorry about the "delay".