Bug#328566: Fwd: Re: CAN request: insecure temp file in gtkdiskfree
Hi! I requested a CAN number; when you fix this, please mention the number in the changelog. Thanks! Martin - Forwarded message from Steven M. Christey [EMAIL PROTECTED] - Date: Fri, 16 Sep 2005 14:53:07 -0400 (EDT) From: Steven M. Christey [EMAIL PROTECTED] To: Martin Pitt [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: CAN request: insecure temp file in gtkdiskfree X-Spam-Status: No, score=0.7 required=4.0 tests=AWL,BAYES_50 autolearn=no version=3.0.3 == Candidate: CAN-2005-2918 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2918 Reference: VULNWATCH:20050915 gtkdiskfree insecure temporary file creation Reference: MISC:http://www.zataz.net/adviso/gtkdiskfree-09052005.txt Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=104565 The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file. - End forwarded message - -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developerhttp://www.debian.org signature.asc Description: Digital signature
Bug#328566: Fwd: Re: CAN request: insecure temp file in gtkdiskfree
Hi, I won't have access to my key until sometime tomorrow. If you feel that an NMU is required before then, go right ahead. Otherwise I will fix it ASAP when I get back. On Sat, Sep 17, 2005 at 10:26:05AM +0200, Martin Pitt wrote: Hi! I requested a CAN number; when you fix this, please mention the number in the changelog. Thanks! Martin - Forwarded message from Steven M. Christey [EMAIL PROTECTED] - Date: Fri, 16 Sep 2005 14:53:07 -0400 (EDT) From: Steven M. Christey [EMAIL PROTECTED] To: Martin Pitt [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: CAN request: insecure temp file in gtkdiskfree X-Spam-Status: No, score=0.7 required=4.0 tests=AWL,BAYES_50 autolearn=no version=3.0.3 == Candidate: CAN-2005-2918 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2918 Reference: VULNWATCH:20050915 gtkdiskfree insecure temporary file creation Reference: MISC:http://www.zataz.net/adviso/gtkdiskfree-09052005.txt Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=104565 The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file. - End forwarded message - -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developerhttp://www.debian.org -- Søren O. ,''`. : :' : GPG key id: 0x1EB2DE66`. `' GPG signed mail preferred. `-
Bug#328566: Fwd: Re: CAN request: insecure temp file in gtkdiskfree
Hi Søren! Søren Boll Overgaard [2005-09-17 11:52 +0200]: I won't have access to my key until sometime tomorrow. If you feel that an NMU is required before then, go right ahead. Otherwise I will fix it ASAP when I get back. Oh, tomorrow is more than fine. Thanks for caring about it! Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developerhttp://www.debian.org signature.asc Description: Digital signature