Your message dated Sun, 27 Apr 2008 06:32:07 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#476611: fixed in emacs22 22.2+2-2
has caused the Debian Bug report #476611,
regarding CVE-2008-1694: vcdiff insecure temporary file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
476611: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476611
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: emacs22
Version: 22.2+1-1
Severity: important
Tags: security

This was brought to our attention by Red Hat on vendor-sec:

Steve Grubb of Red Hat discovered that vcdiff script as shipped with Emacs
(confirmed in versions 20.7 to 22.1.50) uses temporary files insecurely,
which makes it possible for local attacker to conduct a symlink attack and
make the victim overwrite arbitrary file.

diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff
--- emacs-21.4.orig/lib-src/vcdiff      2006-09-28 12:07:51.000000000 -0400
+++ emacs-21.4/lib-src/vcdiff   2006-09-28 15:58:53.000000000 -0400
@@ -86,14 +86,14 @@
        case $f in
        s.* | */s.*)
                if
-                       rev1=/tmp/geta$$
+                       rev1=`mktemp /tmp/geta.XXXXXXXX`
                        get -s -p -k $sid1 "$f" > $rev1 &&
                        case $sid2 in
                        '')
                                workfile=`expr " /$f" : '.*/s.\(.*\)'`
                                ;;
                        *)
-                               rev2=/tmp/getb$$
+                               rev2=`mktemp /tmp/getb.XXXXXXXX`
                                get -s -p -k $sid2 "$f" > $rev2
                                workfile=$rev2
                        esac
 
 


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages emacs22 depends on:
ii  emacs22-bin-common     22.2+1-1          The GNU Emacs editor's shared, arc
ii  libasound2             1.0.16-2          ALSA library
ii  libc6                  2.7-10            GNU C Library: Shared libraries
ii  libice6                2:1.0.4-1         X11 Inter-Client Exchange library
ii  libjpeg62              6b-14             The Independent JPEG Group's JPEG 
ii  libncurses5            5.6+20080405-1    Shared libraries for terminal hand
ii  libpng12-0             1.2.15~beta5-3    PNG library - runtime
ii  libsm6                 2:1.0.3-1+b1      X11 Session Management library
ii  libtiff4               3.8.2-8           Tag Image File Format (TIFF) libra
ii  libx11-6               2:1.0.3-7         X11 client-side library
ii  libxext6               2:1.0.4-1         X11 miscellaneous extension librar
ii  libxmu6                2:1.0.4-1         X11 miscellaneous utility library
ii  libxpm4                1:3.5.7-1         X11 pixmap library
ii  libxt6                 1:1.0.5-3         X11 toolkit intrinsics library
ii  xaw3dg                 1.5+E-15          Xaw3d widget set
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

emacs22 recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: emacs22
Source-Version: 22.2+2-2

We believe that the bug you reported is fixed in the latest version of
emacs22, which is due to be installed in the Debian FTP archive:

emacs22-bin-common_22.2+2-2_i386.deb
  to pool/main/e/emacs22/emacs22-bin-common_22.2+2-2_i386.deb
emacs22-common_22.2+2-2_all.deb
  to pool/main/e/emacs22/emacs22-common_22.2+2-2_all.deb
emacs22-el_22.2+2-2_all.deb
  to pool/main/e/emacs22/emacs22-el_22.2+2-2_all.deb
emacs22-gtk_22.2+2-2_i386.deb
  to pool/main/e/emacs22/emacs22-gtk_22.2+2-2_i386.deb
emacs22-nox_22.2+2-2_i386.deb
  to pool/main/e/emacs22/emacs22-nox_22.2+2-2_i386.deb
emacs22_22.2+2-2.diff.gz
  to pool/main/e/emacs22/emacs22_22.2+2-2.diff.gz
emacs22_22.2+2-2.dsc
  to pool/main/e/emacs22/emacs22_22.2+2-2.dsc
emacs22_22.2+2-2_i386.deb
  to pool/main/e/emacs22/emacs22_22.2+2-2_i386.deb
emacs_22.2+2-2_all.deb
  to pool/main/e/emacs22/emacs_22.2+2-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rob Browning <[EMAIL PROTECTED]> (supplier of updated emacs22 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 26 Apr 2008 22:02:40 -0700
Source: emacs22
Binary: emacs emacs22 emacs22-nox emacs22-gtk emacs22-bin-common emacs22-common 
emacs22-el
Architecture: source all i386
Version: 22.2+2-2
Distribution: unstable
Urgency: medium
Maintainer: Rob Browning <[EMAIL PROTECTED]>
Changed-By: Rob Browning <[EMAIL PROTECTED]>
Description: 
 emacs      - The GNU Emacs editor (metapackage)
 emacs22    - The GNU Emacs editor
 emacs22-bin-common - The GNU Emacs editor's shared, architecture dependent 
files
 emacs22-common - The GNU Emacs editor's shared, architecture independent 
infrastru
 emacs22-el - GNU Emacs LISP (.el) files
 emacs22-gtk - The GNU Emacs editor (with GTK user interface)
 emacs22-nox - The GNU Emacs editor (without X support)
Closes: 448391 476611 477215
Changes: 
 emacs22 (22.2+2-2) unstable; urgency=medium
 .
   * Fix debian-expand-file-name-dfsg and describe-gnu-project (C-h C-p).
     Thanks to Valery V. Vorotyntsev <[EMAIL PROTECTED]>.
     (closes: #448391, #477215)
 .
   * Fix an insecurity in vcdiff's temporary file handling
     (CVE-2008-1694). Thanks to Moritz Muehlenhoff <[EMAIL PROTECTED]> and
     Steve Grubb. (closes: #476611)
Checksums-Sha1: 
 5f712b261d6a160726d319019849c3ac04e83833 1332 emacs22_22.2+2-2.dsc
 b36f6a0eba92f7eafad32774da16007471cac96d 41091 emacs22_22.2+2-2.diff.gz
 7e37821eb7836e2b4053abcaad7351c6f346b55d 19234 emacs_22.2+2-2_all.deb
 90a438a623e3c417d0d980667325e454cc65524f 14624904 
emacs22-common_22.2+2-2_all.deb
 c1db02968d673dffaf32113bce8ad6883c9307fb 11356382 emacs22-el_22.2+2-2_all.deb
 8af389709de6ffa85f27e66de14b549e53118ad8 2584466 emacs22_22.2+2-2_i386.deb
 92812b70f7ac89c06e39b5c530f4a3cc195e1ae3 2328564 emacs22-nox_22.2+2-2_i386.deb
 231f0637071be7f82be3111aa2150bd017b0be06 2576670 emacs22-gtk_22.2+2-2_i386.deb
 5fb412b8569663a181cfeadd3c4945891dfc3313 160850 
emacs22-bin-common_22.2+2-2_i386.deb
Checksums-Sha256: 
 ee51162d9939ef2dd83d050892b3a0bc1b2c4acd222c85801b4c858bcd3e34b4 1332 
emacs22_22.2+2-2.dsc
 3a744468413d8db2a8feb4a5bdae90dddd89ea7c39a71487818e15ae7729a825 41091 
emacs22_22.2+2-2.diff.gz
 3c8d1bc9870a32c2f712de617ba86647e280390b062a4b8f72a5578710a9a493 19234 
emacs_22.2+2-2_all.deb
 aa09fb9ab3241ca739eeb23262427388ad6fab20de8c9d7e5db64ddb8150896c 14624904 
emacs22-common_22.2+2-2_all.deb
 48470ff434c4afd8c5fb0db17eae72ca1f71082ede14a81a9e2820eddc76c48f 11356382 
emacs22-el_22.2+2-2_all.deb
 f713e80789868bb658b383a07701cd5ac9495d0a83e90811a88af382d97f145e 2584466 
emacs22_22.2+2-2_i386.deb
 e2eef040eeef26991eca0ecf2d66fd4472d8029f1c116f9a41dc382ce6a6e5e8 2328564 
emacs22-nox_22.2+2-2_i386.deb
 ee67b3878d7f8044909b53bc41300203620ba606df147d11af0654f8680edc2b 2576670 
emacs22-gtk_22.2+2-2_i386.deb
 06e5444bd94cd35616ed4ef45eb1b949a2a56d17e0d412a84845223a3e21e27b 160850 
emacs22-bin-common_22.2+2-2_i386.deb
Files: 
 396496e7300c8e7cc69cd68d0a21f764 1332 editors optional emacs22_22.2+2-2.dsc
 77079786171a8616952a0f3383d05f46 41091 editors optional 
emacs22_22.2+2-2.diff.gz
 96da06b1a22e36397f735b0131bc9b02 19234 editors optional emacs_22.2+2-2_all.deb
 97839e6f1c74e36c382ea7512b881c38 14624904 editors optional 
emacs22-common_22.2+2-2_all.deb
 0da0d5428ae15efb081f28a40d56edb5 11356382 editors optional 
emacs22-el_22.2+2-2_all.deb
 05567878e2a6c962d6311b848a6418de 2584466 editors optional 
emacs22_22.2+2-2_i386.deb
 dd46a80d83c771ee11c325b3642977bd 2328564 editors optional 
emacs22-nox_22.2+2-2_i386.deb
 7c8abec28587cea2fdbfc0518a875431 2576670 editors optional 
emacs22-gtk_22.2+2-2_i386.deb
 6b707e69e58d326893612e9882c5f415 160850 editors optional 
emacs22-bin-common_22.2+2-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIFBsVJcjTd4x+c6QRAubhAJ9Nc3Ah7ErkPmN0vCzvrdkQzSvWtQCgt6+/
AKyOMLiYwcavIdDPUIpvk7g=
=lm0h
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to