Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Mon, 07 Apr 2008 09:11:11 +0200
From: Lubomir Kundrak <lkundrak@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Security fixes in m4-1.4.11


On Sun, 2008-04-06 at 20:42 -0400, Steven M. Christey wrote:
> On Sun, 6 Apr 2008, Patrick J. Volkerding wrote:
> 
> > Minor security fix: Quote output of mkstemp.
> 
> Use CVE-2008-1687

This does not sound like a security problem. Mkstemp would never output
any shell metacharacters.

> > Security fix: avoid arbitrary code execution with 'm4 -F'.
> 
> Use CVE-2008-1688
> 
> Note - these CVE's will not be live until Monday.
> 
> - Steve
-- 
Lubomir Kundrak (Red Hat Security Response Team)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux