Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 30 Oct 2008 22:53:29 +0100
From: Robert Buchholz <rbu@...too.org>
To: oss-security <oss-security@...ts.openwall.com>
Subject: CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

Hi,

Gentoo could need CVEs for some more of the insecure tempfile issues 
found by Debian. For others, we have gathered a list of all the bugs 
created at our tracker https://bugs.gentoo.org/show_bug.cgi?id=235770

* aview
DEBIAN: http://bugs.debian.org/496422
GENTOO: https://bugs.gentoo.org/235808
FILES: asciiview
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/aview

* mgetty
DEBIAN: http://bugs.debian.org/496403
GENTOO: https://bugs.gentoo.org/235806
FILES: faxspool
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/mgetty-fax

* openoffice.org
DEBIAN: http://bugs.debian.org/496361
GENTOO: https://bugs.gentoo.org/235824
http://www.securityfocus.com/bid/30925
FILES: senddoc
CODE: 
http://dev.gentoo.org/~rbu/security/debiantemp/openoffice.org-common
   [etch] - openoffice.org <not-affected> (Vulnerable code not present)
   NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.

* crossfire
DEBIAN: http://bugs.debian.org/496358
GENTOO: https://bugs.gentoo.org/236205
FILES: combine.pl
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/crossfire-maps


Robert

Download attachment "signature.asc " of type "application/pgp-signature" (836 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.