Your message dated Mon, 03 Apr 2006 00:47:09 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#143124: fixed in wmmand 1.2.1-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: wmmand
Version: 1.1-1
Severity: grave
Tags: patch
Justification: user security hole

Hi,

in order to display a large image, wmMand opens a file with the fixed name /tmp/wmMand.gif for writing. This allows a malicious user to overwrite other people's files by symlinking to them.

The patch below still uses a fixed name, but the user can now choose to not put it in a world writable directory.

Regards, Jens.

--- wmMand/wmMand.c~ Tue Apr 16 12:40:19 2002 +++ wmMand/wmMand.c Tue Apr 16 12:40:39 2002 @@ -438,11 +438,11 @@ ComputeImage(Center_x, Center_y, 540, 540, Range, BigImage); else ComputeJulia(Center_x, Center_y, 540, 540, Range, BigImage); - if ((fp_gif = fopen("/tmp/wmMand.gif", "w")) != NULL ) { + if ((fp_gif = fopen("wmMand.gif", "w")) != NULL ) { WriteGIF(fp_gif, BigImage, 0, 540, 540, Info->RRR, Info->GGG, Info->BBB, 256, 0, ""); fclose(fp_gif); /* dependency on imagemagick */ - system("display /tmp/wmMand.gif &"); + system("display wmMand.gif &"); }

-- System Information
Debian Release: 3.0
Architecture: powerpc
Kernel: Linux sleipnir 2.4.18-sleipnir #2 Wed Apr 10 16:23:01 CEST 2002 ppc
Locale: LANG=C, LC_CTYPE=C

Versions of packages wmmand depends on:
ii libc6 2.2.5-4 GNU C Library: Shared libraries an
ii xlibs 4.1.0-14 X Window System client libraries
--- End Message ---
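
Review bot: the replacement call fopen("wmMand.gif", "w") on the first changed line still follows symbolic links and truncates whatever the name resolves to, so the write is only safe when the process's current directory is not writable by other users, and nothing in the hunk checks or sets that directory. Consider creating the file with mkstemp(), or with open() using O_CREAT|O_EXCL followed by fdopen(), and building the display command from the resulting name instead of a fixed string. The hunk also keeps the silent fall-through when fopen() returns NULL; a message on stderr would tell the user why no image appeared.
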
--- Begin Message ---
Source: wmmand
Source-Version: 1.2.1-1

We believe that the bug you reported is fixed in the latest version of wmmand, which is due to be installed in the Debian FTP archive:

wmmand_1.2.1-1.diff.gz
  to pool/main/w/wmmand/wmmand_1.2.1-1.diff.gz
wmmand_1.2.1-1.dsc
  to pool/main/w/wmmand/wmmand_1.2.1-1.dsc
wmmand_1.2.1-1_i386.deb
  to pool/main/w/wmmand/wmmand_1.2.1-1_i386.deb
wmmand_1.2.1.orig.tar.gz
  to pool/main/w/wmmand/wmmand_1.2.1.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matej Vela <[EMAIL PROTECTED]> (supplier of updated wmmand package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Mon, 3 Apr 2006 09:32:17 +0200
Source: wmmand
Binary: wmmand
Architecture: source i386
Version: 1.2.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <[EMAIL PROTECTED]>
Changed-By: Matej Vela <[EMAIL PROTECTED]>
Description:
 wmmand - a dockable Mandelbrot fractal browser
Closes: 35971 44993 55843 92682 115469 125495 143124 346775
Changes:
 wmmand (1.2.1-1) unstable; urgency=low
 .
   * QA upload.
   * New upstream release.
   * Package is orphaned (#357501); set maintainer to Debian QA Group.
   * Acknowledge NMUs. Closes: #35971, #44993, #55843, #92682, #115469, #125495, #143124, #346775.
   * Switch to debhelper 5.
   * debian/copyright: Update upstream URL and copyrights.
   * debian/menu: Add quotes to placate Lintian.
   * debian/rules: Add support for DEB_BUILD_OPTIONS=noopt.
   * Conforms to Standards version 3.6.2.
--- End Message ---
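
The symlink problem described in the bug report above, as an added C example that is not part of the report or of wmMand's code: it shows an output file created with mkstemp(), and an exclusive open of a fixed name refusing a symlink that already sits at that name. The helper names, the use of TMPDIR and the scratch paths are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a private, unpredictably named output file.
 * mkstemp() opens with O_CREAT|O_EXCL and mode 0600, so a name planted in
 * advance (file or symlink) is never reused. Path is returned in path_out. */
FILE *open_private_output(char *path_out, size_t len) {
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0') dir = "/tmp";
    int n = snprintf(path_out, len, "%s/wmMand.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) return NULL;
    int fd = mkstemp(path_out);
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) { close(fd); unlink(path_out); }
    return fp;
}

/* Hypothetical helper for a fixed name: O_EXCL makes open() fail if
 * anything already exists at path, and it does not follow a symlink there. */
int open_fixed_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed check: place a symlink at the fixed name inside a scratch
 * directory and confirm the exclusive open refuses it and the link target
 * keeps its 4 bytes. Returns 1 if so, 0 if not, -1 on setup failure. */
int symlink_is_refused(void) {
    char dir[] = "/tmp/wmdemo.XXXXXX", target[128], lnk[128];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target.dat", dir);
    snprintf(lnk, sizeof lnk, "%s/wmMand.gif", dir);
    int t = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int ok = t >= 0 && write(t, "keep", 4) == 4 && symlink(target, lnk) == 0;
    if (t >= 0) close(t);
    int result = -1;
    if (ok) {
        int fd = open_fixed_exclusive(lnk);
        if (fd >= 0) close(fd);
        result = fd < 0 && stat(target, &st) == 0 && st.st_size == 4;
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}
```

The path stored by open_private_output() is the one to hand to the viewer, and the caller removes it once the viewer no longer needs it.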

