Bug 65647 - media-libs/netpbm: temporary file bugs
Summary: media-libs/netpbm: temporary file bugs
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B3 [glsa] koon
Reported: 2004-09-28 00:47 UTC by Alin Năstac (RETIRED)
Modified: 2011-10-30 22:39 UTC
Description Alin Năstac (RETIRED) gentoo-dev 2004-09-28 00:47:33 UTC
 Package name:           netpbm
 Advisory ID:            MDKSA-2004:011-1
 Date:                   September 27th, 2004
 Original Advisory Date: February 11th, 2004
 Affected versions:      10.0, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2

 Problem Description:

 A number of temporary file bugs have been found in versions of NetPBM.
 These could allow a local user the ability to overwrite or create
 files as a different user who happens to run one of the vulnerable


 The patch applied made some calls to the mktemp utility with an
 incorrect parameter which prevented mktemp from creating temporary
 files in some scripts.
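
The advisory text above concerns shell scripts that create temporary files and a fix whose mktemp calls failed. As an added example (not code from netpbm, the Mandrake patch, or this bug), the sketch below shows a script creating its temporary file through mktemp and refusing to continue when mktemp fails. The function names and the "pnmwork" prefix are hypothetical, and since the page does not say which parameter was wrong, a nonexistent directory stands in for the failure case.

```shell
#!/bin/sh
# Added example; function names and the "pnmwork" prefix are hypothetical.

# Fragile pattern behind this bug class (shown for contrast, never run):
# the name is predictable and ">" follows a symlink already at that path.
#   tmp=/tmp/pnmwork.$$ ; some_filter > "$tmp"

# Create a private temp file and print its path; fail loudly if mktemp fails.
# mktemp creates the file itself (exclusive create, owner-only mode), so the
# script never opens a name another local user could have prepared.
make_tmp() {
    dir=${1:-${TMPDIR:-/tmp}}
    path=$(mktemp "$dir/pnmwork.XXXXXX" 2>/dev/null) || {
        echo "make_tmp: mktemp failed for $dir" >&2
        return 1
    }
    # Defensive check: an empty or non-regular result must never be used.
    [ -n "$path" ] && [ -f "$path" ] && [ ! -L "$path" ] || return 1
    printf '%s\n' "$path"
}

# run_to_tmp DIR COMMAND [ARGS...]
# Send COMMAND's stdout to a fresh temp file in DIR and print the file's path.
# If temp creation fails, COMMAND is never run; if COMMAND fails, the temp
# file is removed so no partial output is left behind.
run_to_tmp() {
    out=$(make_tmp "$1") || return 1
    shift
    if "$@" > "$out"; then
        printf '%s\n' "$out"
    else
        rm -f -- "$out"
        return 1
    fi
}
```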
Comment 1 Sune Kloppenborg Jeppesen gentoo-dev 2004-09-28 01:01:20 UTC
graphics please confirm and provide a fixed ebuild if necessary.

Mandrake Advisory here:
Comment 2 Sune Kloppenborg Jeppesen gentoo-dev 2004-09-29 22:21:54 UTC
Version 10 is unaffected by this. Graphics please patch 9.12 or advise which version above 9.20 to mark stable.
Comment 3 Philip Walls (RETIRED) gentoo-dev 2004-09-30 07:03:55 UTC
Since 10.20 is already stable on amd64 and ppc64, can we try stabilizing other arches on this version? It's been around since February 2004.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-09-30 07:54:52 UTC
Yes I think we should have all arches mark a version (>=10.0) of their choice stable, so that we can get rid of the last 9.x version. Most arches already have.

Calling missing arches: hppa mips ppc sparc x86
Please test and mark 10.20 (or any other >=10 version) stable.
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2004-09-30 12:16:58 UTC
sparc stable.
Comment 6 Jochen Maes (RETIRED) gentoo-dev 2004-10-01 10:27:50 UTC
stable on ppc
Comment 7 Jochen Maes (RETIRED) gentoo-dev 2004-10-02 03:47:40 UTC
forgot to remove it :-)
Comment 8 Olivier Crete (RETIRED) gentoo-dev 2004-10-02 14:29:39 UTC
10.20 stable on x86
Comment 9 SpanKY gentoo-dev 2004-10-02 21:58:04 UTC
hppa/ia64 stable
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2004-10-03 06:30:08 UTC
I'll draft the GLSA
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2004-10-04 10:33:41 UTC
GLSA 200410-02