Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 235805 - app-emulation/xen-tools: audit wrt insecure temp file usage
Summary: app-emulation/xen-tools: audit wrt insecure temp file usage
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
: CVE-2008-4993 (view as bug list)
Depends on:
Blocks: debian-tempfile
  Show dependency tree
Reported: 2008-08-26 17:26 UTC by Christian Hoffmann (RETIRED)
Modified: 2008-11-08 14:10 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Christian Hoffmann (RETIRED) gentoo-dev 2008-08-26 17:26:31 UTC
See $URL and bug 235770.
Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-08-26 19:48:53 UTC
This bug should have been filed as UNCONFIRMED.
I'm unable to find the offending file in xen-tools and I'm unable to emerge xen itself (sed: -e expression #6, char 930: unterminated `s' command).
Might be related to the fact that I emerged it with --nodeps.

rbu, can you check? You're maintainer anyway :p
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-08-31 18:04:53 UTC
The xen-tools package contains the file ( /tools/ioemu/target-i386-dm/qemu-dm.debug ), and that indeed creates those files insecurely. However, neither the Makefiles not the ebuilds install this file.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-08 14:10:31 UTC
*** Bug 246068 has been marked as a duplicate of this bug. ***