Jaunty reached end-of-life on 23 October 2010 so I'll close the report
** Changed in: emacs21 (Ubuntu Jaunty)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/531569
Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug is still marked as confirmed in later versions of Ubuntu.
** Changed in: emacs21 (Ubuntu Intrepid)
Status: Confirmed = Invalid
--
Emacs movemail race condition
https://bugs.launchpad.net/bugs/531569
** Attachment removed: CVE-2010-0825.sh
http://launchpadlibrarian.net/41879562/CVE-2010-0825.sh
** Visibility changed to: Public
--
Emacs movemail race condition
https://bugs.launchpad.net/bugs/531569
You received this bug notification because you are a member of Ubuntu
Bugs, which is a
** Changed in: emacs23 (Ubuntu Lucid)
Status: Confirmed = Fix Released
** Changed in: emacs22 (Ubuntu Lucid)
Status: Confirmed = Fix Released
** Changed in: emacs22 (Ubuntu Hardy)
Status: Confirmed = Fix Released
** Changed in: emacs22 (Ubuntu Intrepid)
Status:
http://www.ubuntu.com/usn/USN-919-1
--
Emacs movemail race condition
https://bugs.launchpad.net/bugs/531569
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Attachment removed: Exploit for emacs race condition
http://launchpadlibrarian.net/40123119/exploit.sh
--
Emacs movemail race condition
https://bugs.launchpad.net/bugs/531569
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
While testing this patch, it seems that there is still a condition where
movemail wipes the mailbox (though it doesn't leak contents any more).
Here is an updated reproducer that tests for the conditions...
** Attachment added: CVE-2010-0825.sh
New patch coming right up, ready in 10 minutes.
--
Emacs movemail race condition
https://bugs.launchpad.net/bugs/531569
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
As promised...this takes the same approach as before - dropping the egid
before calls to open() or creat(). I made another pass through the code
to make sure there weren't any other vulnerable calls, so this should
finally kill these bugs. I tested using the reproducer to confirm it
fixes the
Cool! Thanks very much for the quick turn-around. :)
--
Emacs movemail race condition
https://bugs.launchpad.net/bugs/531569
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Visibility changed to: Public
** Visibility changed to: Private
--
Emacs movemail race condition
https://bugs.launchpad.net/bugs/531569
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
11 matches
Mail list logo