Hi, I'm going to upload an NMU for this one. Patch attached and archived on: http://people.debian.org/~nion/nmu-diff/sgml2x-1.0.0-11.1_1.0.0-11.2.patch
Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u sgml2x-1.0.0/debian/changelog sgml2x-1.0.0/debian/changelog --- sgml2x-1.0.0/debian/changelog +++ sgml2x-1.0.0/debian/changelog @@ -1,3 +1,11 @@ +sgml2x (1.0.0-11.2) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix possible symlink attacks in rlatex by using mktemp to create + temporary files in a secure way (Closes: #496368) + + -- Nico Golde <[EMAIL PROTECTED]> Wed, 27 Aug 2008 14:14:43 +0200 + sgml2x (1.0.0-11.1) unstable; urgency=low * Non-maintainer upload. only in patch2: unchanged: --- sgml2x-1.0.0.orig/bin/rlatex +++ sgml2x-1.0.0/bin/rlatex @@ -5,27 +5,25 @@ LATEXPRG=${LATEXPRG:-latex} while true; do - pid=$$ - export pid - rm -f /tmp/rlok$pid - ( - if ${LATEXPRG} $* + RLSOTMP=$(mktemp /tmp/RLSO.XXXXXXXX) + RLOKTMP="xxx" + + if ${LATEXPRG} $* | tee $RLSOTMP then - touch /tmp/rlok$pid + RLOKTMP=$(mktemp /tmp/rlok.XXXXXXXX) fi - ) | tee /tmp/rlso$pid - if [ ! -f /tmp/rlok$pid ] - then - rm -f /tmp/rlso$pid + if [ $RLOKTMP = "xxx" ] + then echo >&2 "$(basename $0): Exiting in error" exit 1 - fi + fi - if ! grep -E '^(LaTeX Warning: (Label\(s\) may|There were undefined references)|Package longtable Warning: Table widths have changed)' /tmp/rlso$pid >/dev/null + if ! grep -E '^(LaTeX Warning: (Label\(s\) may|There were undefined references)|Package longtable Warning: Table widths have changed)' $RLSOTMP >/dev/null then - rm -f /tmp/rlso$pid + rm -f $RLSOTMP exit 0 fi echo "Re-running LaTeX" + rm -f $RLSOTMP $RLOKTMP done
pgpwi3d5cTfyG.pgp
Description: PGP signature