Summary: | net-analyzer/honeyd < 1.5c-r1 test.sh insecure temporary file creation (CVE-2008-3928) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3? [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 235770 |
Description
Robert Buchholz (RETIRED)
2008-09-12 13:58:44 UTC
I've commited honeyd-1.5c-r1 which should fix this issue. The patch was taken from debian and basically it makes test.sh use /var/log instead of /tmp for log files. Please review and CC arch teams if everything is correct. Arches, please test and mark stable: =net-analyzer/honeyd-1.5c-r1 Target keywords : "amd64 sparc x86" amd64/x86 stable sparc stable, closing D'oh, sorry time for glsa decision, I vote yes. YES too, request filed. GLSA 200812-12, thanks everyone, sorry about the "delay". |