| Summary: | sci-mathematics/scilab <4.1.2-r1: insecure temp file usage (CVE-2008-4983) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | sci-mathematics |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 235770 | | |

Description
Stefan Behte (RETIRED)
2008-11-07 02:34:47 UTC
Our in-tree version is vulnerable, I checked it.

DEBIAN: http://bugs.debian.org/496414

FILES: scilink, scidoc, scidem

CODE: http://dev.gentoo.org/~rbu/security/debiantemp/scilab-bin

Thanks much for the note and I'll take care of this asap.

Best,
Markus

I've added Debian's patch verbatim to portage since it comes from upstream and pushed out 4.1.2-r1. We need to stable 4.1.2-r1 on x86 but I suggest that we try all arches (x86, amd64, ppc) while we're at it. At least amd64 and x86 work fine for me.

Thanks,
Markus

Arches, please test and mark stable:
=sci-mathematics/scilab-4.1.2-r1
Target keywords: x86

Per maintainer request, please also mark stable (not required per security): amd64 ppc

amd64/x86 stable

ppc stable

Ready for voting! I vote NO!

we've had a ton of temp file issues recently, and we always issued a glsa... so voting yes.

YES, filed GLSA 200901-14