Summary: | <lxde-base/menu-cache-1.1.0: Insecure temporary file creation in get_socket_name function | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | charles17, lxde+disabled, lxqt |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1451068 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 654910 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2017-05-16 07:14:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f661657090a6b55025e0ea37dcef73692c159c6c

commit f661657090a6b55025e0ea37dcef73692c159c6c
Author: charIes17 <charles17@arcor.de>
AuthorDate: 2017-12-13 20:09:07 +0000
Commit: Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-03-05 21:57:53 +0000

    lxde-base/menu-cache: fix against CVE-2017-8933.

    Package-Manager: Portage-2.3.13, Repoman-2.3.3
    Bug: https://bugs.gentoo.org/618620
    Closes: https://github.com/gentoo/gentoo/pull/5355

 .../files/menu-cache-1.0.2-CVE-2017-8933.patch | 122 +++++++++++++++++++++
 lxde-base/menu-cache/menu-cache-1.0.2-r1.ebuild | 22 ++++
 2 files changed, 144 insertions(+)

*** Bug 649706 has been marked as a duplicate of this bug. ***

(In reply to Agostino Sarubbo from comment #0)
> From ${URL} :
>
> @maintainer(s): after the bump, in case we need to stabilize the package,
> please let us know if it is ready for the stabilization or not.

I have no authorisation for adding STABLEREQ here. Someone else needs to do it.

1.0.2-r1 is no longer in the tree, but 1.1.0 carries the patch and is stable.

@maintainers, please drop lxde-base/menu-cache-1.0.2