[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug#278283: insecure temporary file usage in gettextize and autopoint (f
From: |
Santiago Vila |
Subject: |
Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd) |
Date: |
Tue, 26 Oct 2004 01:23:58 +0200 (CEST) |
Hello.
I received this from the Debian bug system.
[ Please keep the Cc: lines when replying. Thanks ].
---------- Forwarded message ----------
From: Joey Hess <address@hidden>
To: Debian Bug Tracking System <address@hidden>
Date: Mon, 25 Oct 2004 17:07:59 -0400
Subject: Bug#278283: insecure temporary file usage in gettextize and autopoint
Package: gettext
Version: 0.14.1-5
Severity: serious
Tags: security
CAN-2004-0966 describes some insecure uses of temporary files by
autopoint and gettextize. We seem to be vulnerable, it's stupidity like
this:
{ echo "#! /bin/sh"; echo "exit 0"; } > /tmp/conf$$.sh
There is a patch here:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages gettext depends on:
ii gettext-base 0.14.1-5 GNU Internationalization utilities
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
-- no debconf information
--
see shy jo
- Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd),
Santiago Vila <=
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Alexandre Duret-Lutz, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Thomas Dickey, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Thomas Dickey, 2004/10/27
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Paul Jarc, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Alexandre Duret-Lutz, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26