Package name: netpbm Advisory ID: MDKSA-2004:011-1 Date: September 27th, 2004 Original Advisory Date: February 11th, 2004 Affected versions: 10.0, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 ______________________________________________________________________ Problem Description: A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the the vulnerable utilities. Update: The patch applied made some calls to the mktemp utility with an incorrect parameter which prevented mktemp from creating temporary files in some scripts.
graphics please confirm and provide a fixed ebuild if necessary. Mandrake Advisory here: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011-1
Version 10 is unaffected by this. Graphics please patch 9.12 or advise which version above 9.20 to mark stable.
Since 10.20 is already stable on amd64 and ppc64, can we try stablizing other arches on this version? It's been around since February 2004
Yes I think we should have all arches mark a version (>=10.0) of their choice stable, so that we can get rid of the last 9.x version. Most arches already have. Calling missing arches : hppa mips ppc sparc x86 Please test and mark 10.20 (or any other >=10 version) stable.
sparc stable.
stable on ppc
forgot to remove it :-)
10.20 stable on x86
hppa/ia64 stable
I'll draft the GLSA
GLSA 200410-02