OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 23-Dec-2004 15:37:47
Branch: HEAD Handle: 2004122314374700
Modified files:
openpkg-web/security OpenPKG-SA-2004.055-gettext.txt
Log:
release OpenPKG Security Advisory 2004.055 (gettext)
Summary:
Revision Changes Path
1.3 +24 -15 openpkg-web/security/OpenPKG-SA-2004.055-gettext.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2004.055-gettext.txt
============================================================================
$ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2004.055-gettext.txt
--- openpkg-web/security/OpenPKG-SA-2004.055-gettext.txt 19 Dec 2004
11:46:33 -0000 1.2
+++ openpkg-web/security/OpenPKG-SA-2004.055-gettext.txt 23 Dec 2004
14:37:47 -0000 1.3
@@ -1,19 +1,22 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
-OpenPKG-SA-2004.055 19-Dec-2004
+OpenPKG-SA-2004.055 23-Dec-2004
________________________________________________________________________
Package: gettext
Vulnerability: insecure temporary file generation
OpenPKG Specific: no
-Affected Releases: Affected Packages: Corrected Packages:
-OpenPKG CURRENT <= gettext-0.14.1-20041006 >= gettext-0.14.1-20041217
-OpenPKG 2.2 <= gettext-0.14.1-2.2.0 >= gettext-0.14.1-2.2.1
-OpenPKG 2.1 <= gettext-0.14.1-2.1.0 >= gettext-0.14.1-2.1.1
+Affected Releases: Affected Packages: Corrected Packages:
+OpenPKG CURRENT <= gettext-0.14.1-20041006 >= gettext-0.14.1-20041217
+OpenPKG 2.2 <= gettext-0.14.1-2.2.0 >= gettext-0.14.1-2.2.1
+OpenPKG 2.1 <= gettext-0.14.1-2.1.0 >= gettext-0.14.1-2.1.1
Affected Releases: Dependent Packages:
OpenPKG CURRENT aegis, apache, doodle, giftoxic, gimp, glib2, gpa,
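Review bot: The three rows under "Affected Releases: Affected Packages: Corrected Packages:" are removed and re-added with the same releases and package versions, so that part of the hunk is a spacing-only change. It is mixed into the same revision that adds the "-----BEGIN PGP SIGNED MESSAGE-----" header and moves the date from 19-Dec-2004 to 23-Dec-2004. Committing the layout and date edits first, and the clearsigned wrapper as its own revision, would let a reader diff the signed text against the unsigned one and confirm that only the signature armor was added. The log message "release OpenPKG Security Advisory 2004.055 (gettext)" could also mention the date change.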
@@ -29,18 +32,17 @@
Description:
Trustix security engineers discovered vulnerabilities [0] in the
- autopoint and gettextize scripts of gettext [1]. The scripts in
- question insecurely generate temporary files which could allow a
- malicious user to overwrite another user's files via a symlink
- attack. Software only using gettext's headers and libraries is
- not affected by this problem, however.
-
- The Common Vulnerabilities and Exposures (CVE) project assigned
- the identifier CAN-2004-0966 [2] to the problem.
+ "autopoint" and "gettextize" scripts of GNU gettext [1]. The scripts
+ in question insecurely generate temporary files which could allow
+ a malicious user to overwrite another user's files via a "symlink
+ attack". Software only using GNU gettext's headers and libraries is
+ not affected by this problem, however. The Common Vulnerabilities and
+ Exposures (CVE) project assigned the identifier CAN-2004-0966 [2] to
+ the problem.
Please check whether you are affected by running "<prefix>/bin/openpkg
- rpm -q gettext". If you have the "gettext" package installed and
- its version is affected (see above), we recommend that you immediately
+ rpm -q gettext". If you have the "gettext" package installed and its
+ version is affected (see above), we recommend that you immediately
upgrade it (see Solution) and its dependent packages (see above) [3][4].
Solution:
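Review bot: The reworded description states that software only using GNU gettext's headers and libraries is not affected, yet the closing paragraph still recommends upgrading "its dependent packages (see above) [3][4]" without saying why. A sentence explaining which dependent packages need to be rebuilt or upgraded, and for what reason, would remove the apparent contradiction. The problem is also named only as a "symlink attack" on temporary files generated by "autopoint" and "gettextize"; saying where those files are created would help administrators of multi-user hosts judge their exposure before the upgrade is in place.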
@@ -86,3 +88,10 @@
for details on how to verify the integrity of this advisory.
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQFBytgqgHWT4GPEy58RAhuGAKDpeqcGekb2uYC6ng+MxUK2KMemgACeJSin
+dAYcOAONTykpMwG4C7routM=
+=EWyA
+-----END PGP SIGNATURE-----
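Review bot: The "Comment: OpenPKG <[EMAIL PROTECTED]>" armor header in the added signature block is not covered by the signature, so it should not be read as identifying the signer. The verification instructions referenced in the context line ("for details on how to verify the integrity of this advisory") should tell readers to check the signing key's fingerprint instead. Because the signed text now lives in CVS, any later edit to the body between the BEGIN PGP SIGNED MESSAGE and BEGIN PGP SIGNATURE markers invalidates this block, so every future content commit to this file needs a fresh signature in the same revision.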
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]