Summary: | sys-fs/lvm-user: Insecure tmpfile use | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | base-system |
Priority: | Highest | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | All | | |
URL: | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136308 | | |
Whiteboard: | B3 [glsa] koon | | |
Description
Thierry Carrez (RETIRED)
2004-10-21 07:58:37 UTC
Created attachment 42316
Patch from RedHat bug
Patch from RedHat
We have two lvm packages in our tree, lvm-user for LVM 1.* and lvm2 for LVM 2.*. The script is only in LVM 1.* releases. So we should either remove the package or fix it :)

base-system: please either fix this or remove lvm-user altogether. I'm sure you prefer we don't mess with it ourselves :)

Debian bug report: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=279229>

Diff from Ubuntu Linux (full diff to orig package including typical Debian stuff): <http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10_1.0.8-4ubuntu1.1.diff.gz>

Patch in attachment applies cleanly to lvm-user-1.0.7-r1.

1.0.7-r2 is in portage with the fix.

Arches please mark stable.

What stable? vapier bumped every one to stable directly...

Sune obviously needs some rest :) Sorry for the inconvenience...

GLSA 200411-22