Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 30 Oct 2008 22:53:29 +0100
From: Robert Buchholz <rbu@...too.org>
To: oss-security <oss-security@...ts.openwall.com>
Subject: CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

Hi,

Gentoo could need CVEs for some more of the insecure tempfile issues 
found by Debian. For others, we have gathered a list of all the bugs 
created at our tracker https://bugs.gentoo.org/show_bug.cgi?id=235770

* aview
DEBIAN: http://bugs.debian.org/496422
GENTOO: https://bugs.gentoo.org/235808
FILES: asciiview
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/aview

* mgetty
DEBIAN: http://bugs.debian.org/496403
GENTOO: https://bugs.gentoo.org/235806
FILES: faxspool
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/mgetty-fax

* openoffice.org
DEBIAN: http://bugs.debian.org/496361
GENTOO: https://bugs.gentoo.org/235824
http://www.securityfocus.com/bid/30925
FILES: senddoc
CODE: 
http://dev.gentoo.org/~rbu/security/debiantemp/openoffice.org-common
   [etch] - openoffice.org <not-affected> (Vulnerable code not present)
   NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.

* crossfire
DEBIAN: http://bugs.debian.org/496358
GENTOO: https://bugs.gentoo.org/236205
FILES: combine.pl
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/crossfire-maps


Robert

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ