| Summary: | sys-fs/lvm-user: Insecure tmpfile use | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> | ||||
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | minor | CC: | base-system | ||||
| Priority: | Highest | ||||||
| Version: | unspecified | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| URL: | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136308 | ||||||
| Whiteboard: | B3 [glsa] koon | ||||||
| Package list: | Runtime testing required: | --- | |||||
| Attachments: |
|
||||||
|
Description
Thierry Carrez (RETIRED)
2004-10-21 07:58:37 UTC
Created attachment 42316 [details, diff]
Patch from RedHat bug
Patch from RedHat
We have two lvm packages in our tree, lvm-user for LVM 1.* and lvm2 for LVM 2.*. The script is only in LVM 1.* releases. So we should either remove the package or fix it :) base-system: please either fix this or remove lvm-user altogether. I'm sure you prefer we don't mess with it ourselves :) Debian bug report: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=279229> Diff from Ubuntu Linux (full diff to orig package including typical Debian stuff): <http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10_1.0.8-4ubuntu1.1.diff.gz> Patch in attachment applies cleanly to lvm-user-1.0.7-r1. 1.0.7-r2 is in portage with the fix Arches please mark stable. What stable? vapier bumped every one to stable directly... Sune obviously needs some rest :) Sorry for the inconvenience... GLSA 200411-22 |