Your message dated Mon, 28 Apr 2008 11:17:07 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#476612: fixed in emacs21 21.4a+1-5.4 has caused the Debian Bug report #476612, regarding CVE-2008-1694: vcdiff insecure temporary file to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
476612: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476612
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: emacs21
Severity: important
Tags: security

This was brought to our attention by Red Hat on vendor-sec:

Steve Grubb of Red Hat discovered that the vcdiff script as shipped with Emacs (confirmed in versions 20.7 to 22.1.50) uses temporary files insecurely, which makes it possible for a local attacker to conduct a symlink attack and make the victim overwrite an arbitrary file.

diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff
--- emacs-21.4.orig/lib-src/vcdiff 2006-09-28 12:07:51.000000000 -0400
+++ emacs-21.4/lib-src/vcdiff 2006-09-28 15:58:53.000000000 -0400
@@ -86,14 +86,14 @@ case $f in s.* | */s.*) if - rev1=/tmp/geta$$ + rev1=`mktemp /tmp/geta.XXXXXXXX` get -s -p -k $sid1 "$f" > $rev1 && case $sid2 in '') workfile=`expr " /$f" : '.*/s.\(.*\)'` ;; *) - rev2=/tmp/getb$$ + rev2=`mktemp /tmp/getb.XXXXXXXX` get -s -p -k $sid2 "$f" > $rev2 workfile=$rev2 esac -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core) Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages emacs21 depends on: pn emacs21-bin-common <none> (no description available) ii libc6 2.7-10 GNU C Library: Shared libraries ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library ii libjpeg62 6b-14 The Independent JPEG Group's JPEG ii libncurses5 5.6+20080405-1 Shared libraries for terminal hand ii libpng12-0 1.2.15~beta5-3 PNG library - runtime ii libsm6 2:1.0.3-1+b1 X11 Session Management library ii libtiff4 3.8.2-8 Tag Image File Format (TIFF) libra ii libungif4g 4.1.6-4 library for GIF images (transition ii libx11-6 2:1.0.3-7 X11 client-side library ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxmu6 2:1.0.4-1 X11 miscellaneous utility library ii libxpm4 1:3.5.7-1 X11 pixmap library ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library ii xaw3dg 1.5+E-15 Xaw3d widget set ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime emacs21 recommends no packages.
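Review bot: the two `mktemp` substitutions in this hunk never check mktemp's exit status, so if it fails (missing or full temporary directory, no file descriptors) `rev1` or `rev2` is empty and the following `get -s -p -k $sid1 "$f" > $rev1` redirects into an empty name instead of the script aborting; suggest `rev1=\`mktemp /tmp/geta.XXXXXXXX\` || exit 1` and the same for `rev2`. The template also hard-codes `/tmp` where the old PID-based names did; `mktemp "${TMPDIR:-/tmp}/geta.XXXXXXXX"` keeps the fix while honouring the user's temporary directory. The hunk does not show where the files are removed, so the existing cleanup should be checked for any reference to the old fixed names `/tmp/geta$$` and `/tmp/getb$$`.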
--- End Message ---
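The temporary-file pattern the report describes, written out as an added example that is not the Emacs vcdiff script or any code from the patch: the predictable `/tmp/name$$` form beside the `mktemp` form, with the exit-status check and the post-creation sanity checks that the hunk leaves to the caller. The function names are chosen here; only the `geta` prefix comes from the patch.

```shell
#!/bin/sh
# Added example, not the Emacs vcdiff script: the temporary-file pattern
# CVE-2008-1694 is about, in its insecure and hardened forms.

# Insecure form (kept only for contrast): the name depends on the PID, so it
# is predictable, and a later "> $file" redirection opens whatever already
# sits at that path, including a symlink placed there by another local user.
insecure_tmp_name() {
    printf '/tmp/geta%s\n' "$$"
}

# Hardened form, as in the patch but with two additions: the directory
# honours $TMPDIR instead of hard-coding /tmp, and mktemp's exit status is
# checked so a failure never leaves an empty name behind. mktemp creates the
# file itself with O_EXCL and mode 0600, so a pre-placed symlink at the
# chosen name makes creation fail rather than being followed.
secure_tmp() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/geta.XXXXXXXX") || return 1
    printf '%s\n' "$tmp"
}

# Post-creation check before writing through the path: it must be a regular
# file (not a symlink) and owner read/write only. The stat fallback covers
# BSD-style stat; GNU stat is tried first.
check_tmp() {
    f=$1
    [ ! -L "$f" ] && [ -f "$f" ] || return 1
    perms=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f") || return 1
    [ "$perms" = "600" ]
}

# Usage mirroring vcdiff's "get ... > $rev1": create, write the given text,
# count its lines, and always remove the file whatever the exit path.
count_lines_via_tmp() {
    rev1=$(secure_tmp) || return 1
    trap 'rm -f "$rev1"' EXIT HUP INT TERM
    printf '%s\n' "$1" > "$rev1" || return 1
    check_tmp "$rev1" || return 1
    n=$(wc -l < "$rev1") || return 1
    rm -f "$rev1"
    trap - EXIT HUP INT TERM
    printf '%s\n' "$n" | tr -d ' '
}
```

The `|| return 1` after `mktemp` is the part the hunk omits; without it a failed `mktemp` yields an empty variable and the redirection that follows either errors out or, in some shells, writes somewhere unintended.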
--- Begin Message ---
Source: emacs21
Source-Version: 21.4a+1-5.4

We believe that the bug you reported is fixed in the latest version of emacs21, which is due to be installed in the Debian FTP archive:

emacs21-bin-common_21.4a+1-5.4_amd64.deb
  to pool/main/e/emacs21/emacs21-bin-common_21.4a+1-5.4_amd64.deb
emacs21-common_21.4a+1-5.4_all.deb
  to pool/main/e/emacs21/emacs21-common_21.4a+1-5.4_all.deb
emacs21-el_21.4a+1-5.4_all.deb
  to pool/main/e/emacs21/emacs21-el_21.4a+1-5.4_all.deb
emacs21-nox_21.4a+1-5.4_amd64.deb
  to pool/main/e/emacs21/emacs21-nox_21.4a+1-5.4_amd64.deb
emacs21_21.4a+1-5.4.diff.gz
  to pool/main/e/emacs21/emacs21_21.4a+1-5.4.diff.gz
emacs21_21.4a+1-5.4.dsc
  to pool/main/e/emacs21/emacs21_21.4a+1-5.4.dsc
emacs21_21.4a+1-5.4_amd64.deb
  to pool/main/e/emacs21/emacs21_21.4a+1-5.4_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated emacs21 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 28 Apr 2008 12:46:35 +0200
Source: emacs21
Binary: emacs21 emacs21-nox emacs21-bin-common emacs21-common emacs21-el
Architecture: source all amd64
Version: 21.4a+1-5.4
Distribution: unstable
Urgency: high
Maintainer: Rob Browning <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
 emacs21    - The GNU Emacs editor
 emacs21-bin-common - The GNU Emacs editor's shared, architecture dependent files
 emacs21-common - The GNU Emacs editor's shared, architecture independent infrastru
 emacs21-el - GNU Emacs LISP (.el) files
 emacs21-nox - The GNU Emacs editor (without X support)
Closes: 476612
Changes:
 emacs21 (21.4a+1-5.4) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix insecure temporary file creation in vcdiff script leading to
     possible symlink attacks (CVE-2008-1694; Closes: #476612).
Checksums-Sha1:
 4a45d6d8e8a92ff3ca7d5bbec4eed6ec88e5d1dd 1276 emacs21_21.4a+1-5.4.dsc
 3f7c4aaa9c2c4de05b73ac4799308381481f94b6 179573 emacs21_21.4a+1-5.4.diff.gz
 a9f27f5f6c8f0a34354c57f64c3595e058fa2a57 9439428 emacs21-common_21.4a+1-5.4_all.deb
 21fe4314e0f323bb342aff97448498927999729c 7226102 emacs21-el_21.4a+1-5.4_all.deb
 637300c580b9cebca2fe2b0238b6e7c4037738bc 2194784 emacs21_21.4a+1-5.4_amd64.deb
 6dc7d959891b7529b86b5c1f3c8ae1d6f62a8b42 1972092 emacs21-nox_21.4a+1-5.4_amd64.deb
 05aa8bb7cb1da27725451264fcc26bc737dd0e00 164608 emacs21-bin-common_21.4a+1-5.4_amd64.deb
Checksums-Sha256:
 a1a0173b1605e9eed3c979e5ea83901d27696ce77a83cba59721392e0ccd692e 1276 emacs21_21.4a+1-5.4.dsc
 96c5eeb52e961c525a6a3672d437739945b15e60e03abfbd2ac2a3234c81029b 179573 emacs21_21.4a+1-5.4.diff.gz
 f731d29b28753b1dd6e431fd6db5ffc9e59d49c9598bc3a060d603b17587215e 9439428 emacs21-common_21.4a+1-5.4_all.deb
 69b86b5ff1095d3f137b5f1c276386885308c00141bca23226f18b93377a4a2f 7226102 emacs21-el_21.4a+1-5.4_all.deb
 340a2be70c103fd7a7baa032dfff0fb6be435a4c4c882cb01ce8ba07b67236a9 2194784 emacs21_21.4a+1-5.4_amd64.deb
 fd9bf90ea8078d727e734af79b0b093e04e8dbef594ec56348305c84e826a04d 1972092 emacs21-nox_21.4a+1-5.4_amd64.deb
 1944e35face1c5d335c52e40a61d96c1461bbaea4e4091dc72257cbc33e6940e 164608 emacs21-bin-common_21.4a+1-5.4_amd64.deb
Files:
 f9af6689665c187f65238dbc0660a864 1276 editors optional emacs21_21.4a+1-5.4.dsc
 1ac211bccfbd296e9a167e82c0c09624 179573 editors optional emacs21_21.4a+1-5.4.diff.gz
 3ddf76fd98997f2eec2a5ee23eafa6dd 9439428 editors optional emacs21-common_21.4a+1-5.4_all.deb
 383e6cd3a12b98f48831a420be40c25e 7226102 editors optional emacs21-el_21.4a+1-5.4_all.deb
 48dd93b48e14bb46c88ef908c20ba20c 2194784 editors optional emacs21_21.4a+1-5.4_amd64.deb
 d11eb10a5759b7d561af26009d272134 1972092 editors optional emacs21-nox_21.4a+1-5.4_amd64.deb
 76eec7148c99990e03e9173508dd99e2 164608 editors optional emacs21-bin-common_21.4a+1-5.4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIFazqHYflSXNkfP8RAsicAJ9JFtg5/CJ1K3p405+FFjDi/IC7VgCgtgb3
Y5aFHPWEFWxDmlV7IX+ArT0=
=g0PK
-----END PGP SIGNATURE-----
--- End Message ---

