The following vulnerabilities were found by Jakub Jelinek in Midnight Commander:
CAN-2004-0226 Buffer overflows
CAN-2004-0231 Insecure temporary file and directory creations
CAN-2004-0232 Format string problems
No fix version, patches are backports from the CVS version.
Already published advisories :
Do you have a patch put together that patches clean for Gentoo?
I haven't a patch yet. I can try to derive one from the Mandrake advisory, but it will probably be unclean.
Heinrich: can you try to build a patch from the mc CVS? If not, I will try to put something together from the Mandrake sources...
sorry for taking so long, added the security patch and marked stable on x86, other arches please test
Adding arches -- please test and mark app-misc/mc-4.6.0-r7 stable.
Stable on alpha.
Didn't mean to close the bug.. :)
Stable on hppa & sparc.
Stable on mips.
amd64, ia64 : please mark stable
stable on amd64