Your message dated Mon, 28 Apr 2008 11:17:07 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#476612: fixed in emacs21 21.4a+1-5.4
has caused the Debian Bug report #476612,
regarding CVE-2008-1694: vcdiff insecure temporary file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
476612: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476612
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: emacs21
Severity: important
Tags: security

This was brought to our attention by Red Hat on vendor-sec:

Steve Grubb of Red Hat discovered that the vcdiff script as shipped with
Emacs (confirmed in versions 20.7 to 22.1.50) uses temporary files
insecurely, which makes it possible for a local attacker to conduct a
symlink attack and make the victim overwrite an arbitrary file.

diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff
--- emacs-21.4.orig/lib-src/vcdiff      2006-09-28 12:07:51.000000000
-0400
+++ emacs-21.4/lib-src/vcdiff   2006-09-28 15:58:53.000000000 -0400
@@ -86,14 +86,14 @@
        case $f in
        s.* | */s.*)
                if
-                       rev1=/tmp/geta$$
+                       rev1=`mktemp /tmp/geta.XXXXXXXX`
                        get -s -p -k $sid1 "$f" > $rev1 &&
                        case $sid2 in
                        '')
                                workfile=`expr " /$f" : '.*/s.\(.*\)'`
                                ;;
                        *)
-                               rev2=/tmp/getb$$
+                               rev2=`mktemp /tmp/getb.XXXXXXXX`
                                get -s -p -k $sid2 "$f" > $rev2
                                workfile=$rev2
                        esac
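Review bot: neither replaced line checks the exit status of mktemp, so if it fails (/tmp unwritable or full, for instance) $rev1 or $rev2 is empty and the following `get ... > $rev1` / `get ... > $rev2` redirect runs with an empty target instead of the script aborting. Fold each assignment into the `&&` chain that is already inside the `if`, e.g. `rev1=\`mktemp /tmp/geta.XXXXXXXX\` && get -s -p -k $sid1 "$f" > $rev1 &&`, and likewise `rev2=\`mktemp /tmp/getb.XXXXXXXX\` && get -s -p -k $sid2 "$f" > $rev2` in the `*)` branch. A smaller point: hard-coding /tmp in the template ignores TMPDIR; `mktemp "${TMPDIR:-/tmp}/geta.XXXXXXXX"` keeps the fix and respects it.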



-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages emacs21 depends on:
pn  emacs21-bin-common     <none>            (no description available)
ii  libc6                  2.7-10            GNU C Library: Shared libraries
ii  libice6                2:1.0.4-1         X11 Inter-Client Exchange library
ii  libjpeg62              6b-14             The Independent JPEG Group's JPEG 
ii  libncurses5            5.6+20080405-1    Shared libraries for terminal hand
ii  libpng12-0             1.2.15~beta5-3    PNG library - runtime
ii  libsm6                 2:1.0.3-1+b1      X11 Session Management library
ii  libtiff4               3.8.2-8           Tag Image File Format (TIFF) libra
ii  libungif4g             4.1.6-4           library for GIF images (transition
ii  libx11-6               2:1.0.3-7         X11 client-side library
ii  libxext6               2:1.0.4-1         X11 miscellaneous extension librar
ii  libxmu6                2:1.0.4-1         X11 miscellaneous utility library
ii  libxpm4                1:3.5.7-1         X11 pixmap library
ii  libxt6                 1:1.0.5-3         X11 toolkit intrinsics library
ii  xaw3dg                 1.5+E-15          Xaw3d widget set
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

emacs21 recommends no packages.



--- End Message ---
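The predictable-name pattern the report describes (`/tmp/geta$$`, written through a plain `>` redirect) beside the mktemp form the patch adopts, as a constructed demonstration added here; it is not Emacs or vcdiff code and is not part of the original report. Both functions work only inside a scratch directory passed as their argument, the "attacker" and "victim" are the same user, and the real-world step of guessing the victim's PID is replaced by simply reusing `$$`; the function names, file names and contents are all invented for the demo.

```shell
#!/bin/sh
# Constructed demonstration, not Emacs/vcdiff code: a predictable temporary
# file name opened with a plain '>' redirect, beside the mktemp replacement.
# Both functions work inside the directory passed as $1 and never touch /tmp
# directly, so the demo is safe to run; all names and contents are invented.

# Pre-fix pattern: the name is derived from the PID, which a local attacker can
# guess (or cover with a range of pre-planted links), and '>' follows a symlink.
# Returns 0 when the write landed in the "victim" file, i.e. the hijack worked.
vulnerable_write() {
    dir=$1
    target="$dir/victim_file"                 # stands in for any file the victim may write
    printf 'important data\n' > "$target"
    rev1="$dir/geta$$"                        # same shape as the old /tmp/geta$$
    rm -f "$rev1"
    ln -s "$target" "$rev1"                   # attacker plants the link before the script runs
    printf 'attacker-chosen content\n' > "$rev1"   # the script's redirect follows the link
    grep -q 'attacker-chosen' "$target"
}

# Post-fix pattern: mktemp picks a random suffix and creates the file with
# O_EXCL (mkstemp(3) retries on EEXIST rather than opening an existing path),
# so a pre-planted link cannot be opened through. The exit status is checked
# here, which the patch quoted in the report does not do.
# Returns 0 when the victim file is untouched after the write.
hardened_write() {
    dir=$1
    target="$dir/victim_file"
    printf 'important data\n' > "$target"
    rev1=$(mktemp "$dir/getb.XXXXXXXX") || return 2
    [ -L "$rev1" ] && return 3                # never true after a successful mktemp; sanity check
    printf 'attacker-chosen content\n' > "$rev1"
    rm -f "$rev1"
    grep -q 'important data' "$target" && ! grep -q 'attacker-chosen' "$target"
}

# Runs both in a fresh scratch directory; returns 0 when the demo behaved as
# expected (predictable name hijacked, mktemp name left the target intact).
run_demo() {
    scratch=$(mktemp -d) || return 1
    vulnerable_write "$scratch"; v=$?
    hardened_write "$scratch";  h=$?
    rm -rf "$scratch"
    [ "$v" -eq 0 ] && [ "$h" -eq 0 ]
}

run_demo && echo "predictable name: hijacked via symlink; mktemp name: target intact"
```

The demo uses a private directory created by `mktemp -d` (mode 0700) rather than /tmp itself on purpose: on current Linux kernels the fs.protected_symlinks sysctl, enabled by default on most distributions, refuses to follow a symlink in a sticky world-writable directory such as /tmp when the link's owner is neither the follower nor the directory owner, which blunts exactly this class of attack. That mitigation did not exist in 2008 and does not help on other platforms or in non-sticky directories, so the mktemp fix is still the right one.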
--- Begin Message ---
Source: emacs21
Source-Version: 21.4a+1-5.4

We believe that the bug you reported is fixed in the latest version of
emacs21, which is due to be installed in the Debian FTP archive:

emacs21-bin-common_21.4a+1-5.4_amd64.deb
  to pool/main/e/emacs21/emacs21-bin-common_21.4a+1-5.4_amd64.deb
emacs21-common_21.4a+1-5.4_all.deb
  to pool/main/e/emacs21/emacs21-common_21.4a+1-5.4_all.deb
emacs21-el_21.4a+1-5.4_all.deb
  to pool/main/e/emacs21/emacs21-el_21.4a+1-5.4_all.deb
emacs21-nox_21.4a+1-5.4_amd64.deb
  to pool/main/e/emacs21/emacs21-nox_21.4a+1-5.4_amd64.deb
emacs21_21.4a+1-5.4.diff.gz
  to pool/main/e/emacs21/emacs21_21.4a+1-5.4.diff.gz
emacs21_21.4a+1-5.4.dsc
  to pool/main/e/emacs21/emacs21_21.4a+1-5.4.dsc
emacs21_21.4a+1-5.4_amd64.deb
  to pool/main/e/emacs21/emacs21_21.4a+1-5.4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated emacs21 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 28 Apr 2008 12:46:35 +0200
Source: emacs21
Binary: emacs21 emacs21-nox emacs21-bin-common emacs21-common emacs21-el
Architecture: source all amd64
Version: 21.4a+1-5.4
Distribution: unstable
Urgency: high
Maintainer: Rob Browning <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 emacs21    - The GNU Emacs editor
 emacs21-bin-common - The GNU Emacs editor's shared, architecture dependent files
 emacs21-common - The GNU Emacs editor's shared, architecture independent infrastru
 emacs21-el - GNU Emacs LISP (.el) files
 emacs21-nox - The GNU Emacs editor (without X support)
Closes: 476612
Changes: 
 emacs21 (21.4a+1-5.4) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix insecure temporary file creation in vcdiff script leading to
     possible symlink attacks (CVE-2008-1694; Closes: #476612).
Checksums-Sha1: 
 4a45d6d8e8a92ff3ca7d5bbec4eed6ec88e5d1dd 1276 emacs21_21.4a+1-5.4.dsc
 3f7c4aaa9c2c4de05b73ac4799308381481f94b6 179573 emacs21_21.4a+1-5.4.diff.gz
 a9f27f5f6c8f0a34354c57f64c3595e058fa2a57 9439428 emacs21-common_21.4a+1-5.4_all.deb
 21fe4314e0f323bb342aff97448498927999729c 7226102 emacs21-el_21.4a+1-5.4_all.deb
 637300c580b9cebca2fe2b0238b6e7c4037738bc 2194784 emacs21_21.4a+1-5.4_amd64.deb
 6dc7d959891b7529b86b5c1f3c8ae1d6f62a8b42 1972092 emacs21-nox_21.4a+1-5.4_amd64.deb
 05aa8bb7cb1da27725451264fcc26bc737dd0e00 164608 emacs21-bin-common_21.4a+1-5.4_amd64.deb
Checksums-Sha256: 
 a1a0173b1605e9eed3c979e5ea83901d27696ce77a83cba59721392e0ccd692e 1276 emacs21_21.4a+1-5.4.dsc
 96c5eeb52e961c525a6a3672d437739945b15e60e03abfbd2ac2a3234c81029b 179573 emacs21_21.4a+1-5.4.diff.gz
 f731d29b28753b1dd6e431fd6db5ffc9e59d49c9598bc3a060d603b17587215e 9439428 emacs21-common_21.4a+1-5.4_all.deb
 69b86b5ff1095d3f137b5f1c276386885308c00141bca23226f18b93377a4a2f 7226102 emacs21-el_21.4a+1-5.4_all.deb
 340a2be70c103fd7a7baa032dfff0fb6be435a4c4c882cb01ce8ba07b67236a9 2194784 emacs21_21.4a+1-5.4_amd64.deb
 fd9bf90ea8078d727e734af79b0b093e04e8dbef594ec56348305c84e826a04d 1972092 emacs21-nox_21.4a+1-5.4_amd64.deb
 1944e35face1c5d335c52e40a61d96c1461bbaea4e4091dc72257cbc33e6940e 164608 emacs21-bin-common_21.4a+1-5.4_amd64.deb
Files: 
 f9af6689665c187f65238dbc0660a864 1276 editors optional emacs21_21.4a+1-5.4.dsc
 1ac211bccfbd296e9a167e82c0c09624 179573 editors optional emacs21_21.4a+1-5.4.diff.gz
 3ddf76fd98997f2eec2a5ee23eafa6dd 9439428 editors optional emacs21-common_21.4a+1-5.4_all.deb
 383e6cd3a12b98f48831a420be40c25e 7226102 editors optional emacs21-el_21.4a+1-5.4_all.deb
 48dd93b48e14bb46c88ef908c20ba20c 2194784 editors optional emacs21_21.4a+1-5.4_amd64.deb
 d11eb10a5759b7d561af26009d272134 1972092 editors optional emacs21-nox_21.4a+1-5.4_amd64.deb
 76eec7148c99990e03e9173508dd99e2 164608 editors optional emacs21-bin-common_21.4a+1-5.4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIFazqHYflSXNkfP8RAsicAJ9JFtg5/CJ1K3p405+FFjDi/IC7VgCgtgb3
Y5aFHPWEFWxDmlV7IX+ArT0=
=g0PK
-----END PGP SIGNATURE-----



--- End Message ---
