Bug#320541: unsafe temp file creation (CAN-2004-2265)

2006-02-18 Thread Matej Vela
Hi, Note that the following packages contain copies of uudeview: dnprogs: mail/uulib/uulib.c (0.5.13) goldedplus: build/goldlib/uulib/uulib.c (0.5.15) libconvert-uulib-perl: uulib/uulib.c (0.5.20) Fortunately, the version in libconvert-uulib-perl has been patched to use mkstemp(3) and is

Bug#320541: unsafe temp file creation (CAN-2004-2265)

2005-09-04 Thread Florian Weimer
* Frank Lichtenheld: On Sat, Sep 03, 2005 at 11:53:52PM +0200, Florian Weimer wrote: * Frank Lichtenheld: I mean, after closing fd _and_ unlinking the temporary file it is completely gone and the race is open again, isn't it? Wouldn't be the right fix to return the fd from the function

Bug#320541: unsafe temp file creation (CAN-2004-2265)

2005-09-03 Thread Frank Lichtenheld
On Sat, Jul 30, 2005 at 12:54:10AM -0400, Joey Hess wrote: CAN-2004-2265 is a security hole in uudeview, although you won't find much useful info in the advisories associated with that CAN. [...] This is a race, exploitable when uudeview is run on standard input. I'm attaching OpenPKG's entire

Bug#320541: unsafe temp file creation (CAN-2004-2265)

2005-09-03 Thread Florian Weimer
* Frank Lichtenheld: I mean, after closing fd _and_ unlinking the temporary file it is completely gone and the race is open again, isn't it? Wouldn't be the right fix to return the fd from the function and not bother about the filename at all? In the interest of a minimal change, it might

Bug#320541: unsafe temp file creation (CAN-2004-2265)

2005-09-03 Thread Frank Lichtenheld
On Sat, Sep 03, 2005 at 11:53:52PM +0200, Florian Weimer wrote: * Frank Lichtenheld: I mean, after closing fd _and_ unlinking the temporary file it is completely gone and the race is open again, isn't it? Wouldn't be the right fix to return the fd from the function and not bother about

Bug#320541: unsafe temp file creation (CAN-2004-2265)

2005-07-29 Thread Joey Hess
Package: uudeview Version: 0.5.20-2 Severity: serious Tags: security CAN-2004-2265 is a security hole in uudeview, although you won't find much useful info in the advisories associated with that CAN. After downloading OpenPKG's fix from