Summary: | <net-firewall/fwbuilder-3.0.7 Insecure temporary file creation (CVE-2009-4664) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | trivial | CC: | dev-zero, maintainer-needed | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7 | ||||||
Whiteboard: | B3 [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Alex Legler (RETIRED)
2009-09-21 20:45:05 UTC
Created attachment 209994 [details, diff]
3.0.7-secure-mktemp.patch
I just did a version bump including a patch written by me to fix the security issue.
Package compiles and runs fine here with the mentioned patch. Arches, please test and mark stable: =net-firewall/fwbuilder-3.0.7 Target keywords : "amd64 ppc ppc64 x86" ppc64 done x86 stable amd64 stable Marked ppc stable. glsa request filed. All affected versions removed from tree fwbuilder-3.0.7 is no longer in the tree. Closing as OBSOLETE. Please do not close security bug--we need to publish a GLSA for this--thanks. This issue was resolved and addressed in GLSA 201201-11 at http://security.gentoo.org/glsa/glsa-201201-11.xml by GLSA coordinator Sean Amoss (ackle). |