Summary: | net-print/mtink: Insecure file permissions | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tavis Ormandy (RETIRED) <taviso> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | printing |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | B2 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Tavis Ormandy (RETIRED)
2004-11-06 16:09:46 UTC
Upstream notified. Upstream will fix and release a new version in a few days. Upstream released 1.0.5 to fix the issue: http://xwtools.automatix.de/files/mtink-1.0.5.tar.gz Printing please bump. bumped to 1.0.5 and marked stable on x86 Thx Heinrich. Security please draft. I think the ebuild should chmod /var/run/mtink and /var/mtink in pkg_postinst() to fix the perms for users who are upgrading, just adding "chmod 700 /var/mtink /var/run/mtink 2>/dev/null" should be enough. good idea, added that GLSA 200411-17 |