"
Avoid race condition when creating the temporary directory

If the temporary directory exists, its content must be checked and purged after creating the temporary directory. Doing the reverse (as was the case before) opens the door to a race condition where a malicious user replaces the temporary directory just after its content was checked and deemed to be safe.

Thanks to Matthias Gerstner for reporting this issue.
"
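The ordering the commit message describes (create first, then check and purge), as an added C example that is not sarg's own code. The helper name `open_private_tmpdir`, the ownership and mode checks standing in for "deemed to be safe", and the default path in `main` are assumptions; the example also goes one step beyond the message by holding a directory descriptor so that the object checked is the object purged.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns an fd for a private, emptied directory at
 * `path`, or -1 if whatever sits at `path` cannot be trusted. */
int open_private_tmpdir(const char *path)
{
    struct stat st;
    struct dirent *e;
    DIR *d;
    int fd, ok = 1;

    /* 1. Create first. EEXIST means something is already there. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* 2. Pin the object: O_NOFOLLOW refuses a symlink planted at `path`. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    /* 3. Check the pinned object, not the name: ours, no group/other write. */
    if (fstat(fd, &st) != 0 || st.st_uid != geteuid() || (st.st_mode & 022)) {
        close(fd); return -1;
    }
    /* 4. Purge relative to the fd, so swapping `path` now changes nothing. */
    d = fdopendir(dup(fd));
    if (d == NULL) { close(fd); return -1; }
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        if (unlinkat(fd, e->d_name, 0) != 0)
            ok = 0; /* subdirectory or undeletable entry: refuse the dir */
    }
    closedir(d);
    if (!ok) { close(fd); return -1; }
    return fd;
}

int main(int argc, char **argv)
{
    /* "example-tmpdir" is a constructed default, not a sarg path. */
    int fd = open_private_tmpdir(argc > 1 ? argv[1] : "example-tmpdir");
    printf("%s\n", fd < 0 ? "refused" : "ready");
    return fd < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Callers would then create their files with `openat()` on the returned descriptor rather than by path.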
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3ca4afb08ee300c6d4202717844f82533db9ed3

commit f3ca4afb08ee300c6d4202717844f82533db9ed3
Author: Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2020-01-27 20:20:37 +0000
Commit: Jeroen Roovers <jer@gentoo.org>
CommitDate: 2020-01-27 20:21:08 +0000

    net-analyzer/sarg: Version 2.4.0

    Package-Manager: Portage-2.3.85, Repoman-2.3.20
    Bug: https://bugs.gentoo.org/706748
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-analyzer/sarg/Manifest | 1 +
 net-analyzer/sarg/sarg-2.4.0.ebuild | 60 +++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)
@maintainer(s), ok to cleanup?
(In reply to sam_c (Security Padawan) from comment #2)
> @maintainer(s), ok to cleanup?

Ignore me!

@maintainer(s), please advise if you are ready for stabilisation or call for stabilisation yourself.
(changing title until stabilisation is called for).
@maintainer(s), please tell us if there is an issue preventing stabilisation, or we will begin.
amd64 stable
ppc stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
GLSA opened.
This issue was resolved and addressed in GLSA 202007-32 at https://security.gentoo.org/glsa/202007-32 by GLSA coordinator Sam James (sam_c).