Hi,
attached is a patch that fixes this issue.
It will also be archived at:
http://newpeople.debian.org/~nion/nmu-diff/mgetty-1.1.36-1.2_1.1.36-1.3.patch

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u mgetty-1.1.36/debian/changelog mgetty-1.1.36/debian/changelog
--- mgetty-1.1.36/debian/changelog
+++ mgetty-1.1.36/debian/changelog
@@ -1,3 +1,12 @@
+mgetty (1.1.36-1.3) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix insecure use of temporary file names that could lead to a symlink
+    attack.
+    (debian/patches/78-insecure-tmp-usage; No CVE id yet; Closes: #496403)
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Fri, 05 Sep 2008 17:52:42 +0200
+
 mgetty (1.1.36-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -u mgetty-1.1.36/debian/patches/00list mgetty-1.1.36/debian/patches/00list
--- mgetty-1.1.36/debian/patches/00list
+++ mgetty-1.1.36/debian/patches/00list
@@ -28,0 +29 @@
+78-insecure-tmp-usage
only in patch2:
unchanged:
--- mgetty-1.1.36.orig/debian/patches/78-insecure-tmp-usage
+++ mgetty-1.1.36/debian/patches/78-insecure-tmp-usage
@@ -0,0 +1,37 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 78-insecure-tmp-usage by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix insecure use of temporary file names
+
[EMAIL PROTECTED]@
+diff -urNad mgetty-1.1.36~/fax/faxspool.in mgetty-1.1.36/fax/faxspool.in
+--- mgetty-1.1.36~/fax/faxspool.in	2007-01-19 08:38:22.000000000 +0100
++++ mgetty-1.1.36/fax/faxspool.in	2008-09-05 17:51:44.000000000 +0200
+@@ -653,7 +653,7 @@
+ #
+ # mkdir a directory in $TMP (or /tmp), convert input to G3 in there
+ #
+-spooldir=${TMP:-/tmp}/$new_seq.$$.`date +%S`
++spooldir=`mktemp -t -d`
+ 
+ if ( umask 077 ; mkdir $spooldir ) ; then
+     $echo "spooling to $spooldir (->$new_seq)..."
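Review bot: the `mkdir $spooldir` on the line after the changed one will now fail every time, because `mktemp -t -d` has already created the directory (that is what `-d` does), so the `if ( umask 077 ; mkdir $spooldir )` test falls into its else branch. Either drop the `mkdir` and test `$spooldir` for emptiness instead (mktemp prints nothing and exits non-zero on failure), or keep the `mkdir` and switch to `mktemp -u`, which only prints a name and so brings the race back. Two smaller behavioural changes are worth a changelog mention: the old path honoured `$TMP` while `mktemp -t` consults `$TMPDIR`, so a user who sets only `TMP` now gets /tmp (pass `-p "${TMP:-/tmp}"` if that matters), and the `umask 077` subshell no longer has an effect, which is harmless here only because `mktemp -d` itself creates the directory mode 0700.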
+@@ -674,10 +674,13 @@
+ #
+     if [ x$file = x- ]
+     then
+-	$echo "spooling $file (stdin)..."
+-	trap "rm /tmp/faxsp.$$" 0
+-        cat - >/tmp/faxsp.$$
+-	file=/tmp/faxsp.$$
++	file=`mktemp /tmp/faxspool.XXXXXXXXX`
++	if test -z $file
++	then
++		$echo "ERROR: can't create work file, giving up" >&2 ; exit 6
++	fi
++	trap "rm $file" 0
++	cat - >$file
+     else
+ 	$echo "spooling $file..."
+     fi
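Review bot: `test -z $file` should quote the variable, `test -z "$file"`. With `$file` empty the unquoted form only works by accident (it degenerates to `test -z`, a one-argument test that asks whether the string `-z` is non-empty), and with a path containing whitespace it would break. Also, the work file is still created under a hard-coded `/tmp` rather than the temp directory the spool-directory code above derives from the environment, the `$echo "spooling $file (stdin)..."` progress message is dropped with no replacement, and the `trap "rm $file" 0` is only installed after `mktemp` returns, so an interrupt between the two leaves the file behind (a narrow window, but easy to close by setting the trap first and filling in `$file` inside it via a function).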

Attachment: pgpwvfHo8AGT4.pgp
Description: PGP signature