Summary: | app-pda/p3nfs<=5.19 symlink attack (CVE-2008-5154) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | mobile-phone |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506270 | ||
Whiteboard: | B3 [] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 235770 |
Description
Stefan Behte (RETIRED)
2008-11-18 19:08:25 UTC
Please apply the patch in $URL and revbump. Hi, I just checked the patch that Debian proposes; this is the relevant part: --- p3nfs-5.19.orig/etc/bluetooth.rc +++ p3nfs-5.19/etc/bluetooth.rc @@ -14,7 +14,8 @@ prog="bluetooth" ROOT=/local/bluez-2.0 -exec >> /tmp/blue.log 2>&1 +TMPFILE=$(mktemp -t blueXXXXXXXXX || exit 1) +exec >> $TMPFILE 2>&1 echo "--------------------" echo "$*" The vulnerable part that is being patched is a bluetooth subsystem start/stop script that is not even installed by our ebuild. This is a resolved:INVALID to me... (In reply to comment #2) > [...] > The vulnerable part that is being patched is a bluetooth subsystem start/stop > script that is not even installed by our ebuild. > > This is a resolved:INVALID to me... > ack, closing as invalid then. |