bug-gnu-utils

Bug#278283: insecure temporary file usage in gettextize and autopoint (f


From: Santiago Vila
Subject: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)
Date: Tue, 26 Oct 2004 01:23:58 +0200 (CEST)

Hello.

I received this from the Debian bug system.
[ Please keep the Cc: lines when replying. Thanks ].

---------- Forwarded message ----------
From: Joey Hess <address@hidden>
To: Debian Bug Tracking System <address@hidden>
Date: Mon, 25 Oct 2004 17:07:59 -0400
Subject: Bug#278283: insecure temporary file usage in gettextize and autopoint

Package: gettext
Version: 0.14.1-5
Severity: serious
Tags: security

CAN-2004-0966 describes some insecure uses of temporary files by
autopoint and gettextize. We seem to be vulnerable, it's stupidity like
this:

        { echo "#! /bin/sh"; echo "exit 0"; } > /tmp/conf$$.sh

There is a patch here:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages gettext depends on:
ii  gettext-base                0.14.1-5     GNU Internationalization utilities
ii  libc6                       2.3.2.ds1-18 GNU C Library: Shared libraries an

-- no debconf information

-- 
see shy jo
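
The `/tmp/conf$$.sh` name quoted in the report can be predicted from the process ID, so another local user can create that path first. The following is an added example, not code from the bug report or from the gettext patch, of writing the same script safely; the function names are hypothetical and `mktemp -d` is assumed to be available.

```shell
#!/bin/sh
# Added example: hardened replacements for
#   { echo "#! /bin/sh"; echo "exit 0"; } > /tmp/conf$$.sh
# Function names are hypothetical and do not come from gettext.

# Create a private directory with an unpredictable name and write the
# script inside it. Prints the script path on stdout.
make_probe_script() {
    base=${TMPDIR:-/tmp}
    # mktemp -d creates the directory atomically with mode 0700 and never
    # reuses an existing name, so a pre-created path cannot be picked up.
    dir=$(mktemp -d "$base/conf.XXXXXXXXXX") || return 1
    script=$dir/conf.sh
    { echo "#! /bin/sh"; echo "exit 0"; } > "$script" || return 1
    chmod 700 "$script"
    printf '%s\n' "$script"
}

# Remove the script together with its private directory. Only paths that
# have the shape produced by make_probe_script are accepted.
cleanup_probe_script() {
    case $1 in
        */conf.??????????/conf.sh) rm -rf -- "$(dirname -- "$1")" ;;
        *) return 1 ;;
    esac
}

# Fallback when a fixed path must be used: with noclobber (set -C) the
# redirection fails instead of truncating when the path already exists as
# a regular file or as a symlink to one, and a new file is created
# exclusively. The subshell keeps set -C and umask from leaking out.
write_exclusive() {
    ( set -C; umask 077
      { echo "#! /bin/sh"; echo "exit 0"; } > "$1" ) 2>/dev/null
}
```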



