Summary: | app-emacs/emacs-jabber symlink attack (CVE-2008-4952) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | emacs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.debian.org/496428 | ||
Whiteboard: | B3 [ebuild] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 235770 |
Description
Stefan Behte (RETIRED)
2008-11-05 22:08:28 UTC
DEBIAN: http://bugs.debian.org/496428 CODE: http://dev.gentoo.org/~rbu/security/debiantemp/emacs-jabber Sorry, I don't follow. The string "tmp" doesn't even occur in the source code: emacs-jabber-0.7.1 $ find . -type f | xargs grep -i tmp emacs-jabber-0.7.1 $ So can you please elaborate what is the problem here? Very much looks like the problem is in Debian's build script. Can somebody confirm? We can close this as INVALID then. There got a CVE assigned and I was copying info from rbu's bug where we collected all infos. It's a debian-specific bug. I'm sorry for wasting out time. :/ |