Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 288058

Summary: <app-arch/arc-5.21p: insecure temp file creation
Product: Gentoo Security Reporter: Jeremy Olexa (darkside) (RETIRED) <darkside>
Component: AuditingAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mario.fetka
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-10-07 13:49:58 UTC 
Security problem? I'm not sure, hence asking the experts!
-Jeremy

arc.o: In function `main':
arc.c:(.text+0x1ec): warning: the use of `mktemp' is dangerous, better use `mkstemp'
i686-pc-linux-gnu-gcc -Wl,-O1,--hash-style=gnu,--as-needed -o marc marc.o arcdata.o arcdos.o arcio.o arcmatch.o arcmisc.o  tmclock.o
marc.o: In function `main':
marc.c:(.text+0x179): warning: the use of `mktemp' is dangerous, better use `mkstemp'
>>> Source compiled.
>>> Test phase [not enabled]: app-arch/arc-5.21o
Comment 1 Mario Fetka (geos_one) 2010-10-04 15:54:53 UTC 
thos problem is solved in 5.21p
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-10 12:28:50 UTC 
Arches, please stabilize =app-arch/arc-5.21p
Comment 3 Agostino Sarubbo gentoo-dev 2011-01-10 13:05:52 UTC 
amd64 ok
Comment 4 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-01-10 16:08:21 UTC 
ppc/ppc64 stable
Comment 5 Myckel Habets (work) 2011-01-12 09:34:30 UTC 
Builds and runs fine on x86. Please mark stable for x86.
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2011-01-12 13:49:36 UTC 
amd64 done. Thanks Agostino
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2011-01-12 14:32:12 UTC 
Stable for HPPA.
Comment 8 Markus Meier gentoo-dev 2011-01-15 14:40:23 UTC 
x86 stable, thanks Myckel
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2011-02-05 20:05:12 UTC 
Stable on alpha.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2011-02-12 17:51:26 UTC 
sparc stable
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-02-12 18:21:00 UTC 
GLSA Vote: yes.
Comment 12 Tobias Heinlein (RETIRED) gentoo-dev 2011-10-08 22:32:14 UTC 
GLSA vote: NO
Comment 13 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 22:33:22 UTC 
Vote: NO. Closing noglsa.