From ${URL} :

The configure script creates temporary files in an insecure way:

| extract_header_define() {
|     AC_MSG_CHECKING(for $2 in $1)
|     Cfile=/tmp/extract_define.$2.${$}
|     printf "#include <stdio.h>\n" > ${Cfile}.c
|     printf "#include <%s>\n" $1 >> ${Cfile}.c
|     printf "int main(int argc, char **argv) { printf(\"%%s\", %s); return 0; }\n" $2 >> ${Cfile}.c
|     $CC $CFLAGS ${Cfile}.c -o ${Cfile}
|     value=`${Cfile}`
|     AC_MSG_RESULT($value)
|     printf $value
|     rm -f ${Cfile}.c ${Cfile}
| }

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Per the following link the vulnerable code is in configure.ac:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633964

Issue is fixed in >=sys-cluster/pacemaker-1.1.12-r2, per the below code changes in configure.ac (note $srcdir/extract_define.$2.${$} vice /tmp...):

    try_extract_header_define() {
        AC_MSG_CHECKING(if $2 in $1 exists)
        Cfile=$srcdir/extract_define.$2.${$}
        printf "#include <stdio.h>\n" > ${Cfile}.c
        printf "#include <%s>\n" $1 >> ${Cfile}.c
        printf "int main(int argc, char **argv) {\n" >> ${Cfile}.c
        printf "#ifdef %s\n" $2 >> ${Cfile}.c
        printf "printf(\"%%s\", %s);\n" $2 >> ${Cfile}.c
        printf "#endif \n return 0; }\n" >> ${Cfile}.c
        $CC $CFLAGS ${Cfile}.c -o ${Cfile} 2>/dev/null

GLSA Vote: No
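An added example, not part of the bug report or of pacemaker's configure.ac: the same header probe written so that it is safe even when the scratch location is world-writable. It uses `mktemp -d` (an alternative to the `$srcdir` change quoted above, not the project's fix); the names `make_scratch_dir`, `probe.c` and `probe` are chosen for this example, and it assumes `mktemp` and a C compiler reachable as `$CC` or `cc`.

```shell
#!/bin/sh
# Hardened sketch of the extract_header_define helper (illustrative, not upstream code).

# Create a private scratch directory. mktemp -d picks a random suffix and
# creates the directory atomically with mode 0700, so another local user can
# neither predict the path nor place a file or symlink inside it. The quoted
# /tmp/extract_define.$2.$$ name is guessable because it ends in the PID.
make_scratch_dir() {
    mktemp -d "${TMPDIR:-/tmp}/extract_define.XXXXXXXXXX"
}

# extract_header_define HEADER MACRO
# Prints the string value of MACRO as defined in HEADER.
# Returns non-zero if the probe cannot be built or run.
# The body is a subshell "( ... )" so its variables do not leak to the caller.
extract_header_define() (
    header=$1
    macro=$2
    dir=$(make_scratch_dir) || exit 1
    src=$dir/probe.c
    bin=$dir/probe

    # Fixed file names are fine here: only the owner can write into $dir.
    {
        printf '#include <stdio.h>\n'
        printf '#include <%s>\n' "$header"
        printf 'int main(void) { printf("%%s", %s); return 0; }\n' "$macro"
    } > "$src"

    status=1
    # CFLAGS is left unquoted on purpose so that multiple flags split into words.
    if ${CC:-cc} ${CFLAGS:-} "$src" -o "$bin" 2>/dev/null; then
        "$bin" && status=0
    fi

    # Remove the scratch directory on success and on failure alike.
    rm -rf "$dir"
    exit "$status"
)

# Usage: value=$(extract_header_define inttypes.h PRId32)
```
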