Your message dated Sat, 06 Feb 2016 08:26:57 +0100
with message-id <[email protected]>
and subject line Re: Bug#605419: gnash: configure creates temp files insecurely
has caused the Debian Bug report #605419,
regarding CVE-2010-4337 gnash: configure creates temp files insecurely
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
605419: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605419
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnash
Version: 0.8.8-5
Tags: security
The configure script creates temporary files in an insecure way:
$ grep -A 7 '$$' gnash-0.8.8/configure
cerr=/tmp/gnash-configure-errors.$$
cwarn=/tmp/gnash-configure-warnings.$$
crec=/tmp/gnash-configure-recommended.$$
echo ""
#trap 'rm cerr' 0 # trap isn't a good idea, might override other traps
exec 3> $cerr
exec 4> $cwarn
exec 5> $crec
--
Jakub Wilk
--- End Message ---
--- Begin Message ---
Version: 0.8.9-1
[Gabriele Giacone]
> Fixed upstream [1].
> 0.8.9~git20101219-1 version in experimental not affected.
> I'll try to propose it for squeeze as well.
Somehow this bug was never closed in 0.8.9, and the CVE tracker missed that it
is fixed. Trying to fix it.
--
Happy hacking
Petter Reinholdtsen
--- End Message ---
