Upstream release notes:
Fixed security issue with temporary file handling in the generated iptables script. The problem only affects Linux systems where Firewall Builder is used to generate static routing configuration. The problem exists in Firewall Builder versions 3.0.4, 3.0.5, 3.0.6
3.0.7 was released to fix this issue, however in https://bugzilla.redhat.com/show_bug.cgi?id=524588, Jan Lieskovsky mentioned that the fix is not complete.
Upstream is informed. Let's wait for a reaction.
Created attachment 209994 [details, diff]
I just did a version bump including a patch written by me to fix the security issue.
Package compiles and runs fine here with the mentioned patch.
Arches, please test and mark stable:
Target keywords : "amd64 ppc ppc64 x86"
Marked ppc stable.
glsa request filed.
All affected versions removed from tree
fwbuilder-3.0.7 is no longer in the tree. Closing as OBSOLETE.
Please do not close security bug--we need to publish a GLSA for this--thanks.
This issue was resolved and addressed in
GLSA 201201-11 at http://security.gentoo.org/glsa/glsa-201201-11.xml
by GLSA coordinator Sean Amoss (ackle).