Hi, attached is a patch that fixes this issue. It will also be archived at: http://newpeople.debian.org/~nion/nmu-diff/mgetty-1.1.36-1.2_1.1.36-1.3.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u mgetty-1.1.36/debian/changelog mgetty-1.1.36/debian/changelog --- mgetty-1.1.36/debian/changelog +++ mgetty-1.1.36/debian/changelog @@ -1,3 +1,12 @@ +mgetty (1.1.36-1.3) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix insecure use of temporary file names that could lead to a symlink + attack. + (debian/patches/78-insecure-tmp-usage; No CVE id yet; Closes: #496403) + + -- Nico Golde <[EMAIL PROTECTED]> Fri, 05 Sep 2008 17:52:42 +0200 + mgetty (1.1.36-1.2) unstable; urgency=medium * Non-maintainer upload. diff -u mgetty-1.1.36/debian/patches/00list mgetty-1.1.36/debian/patches/00list --- mgetty-1.1.36/debian/patches/00list +++ mgetty-1.1.36/debian/patches/00list @@ -28,0 +29 @@ +78-insecure-tmp-usage only in patch2: unchanged: --- mgetty-1.1.36.orig/debian/patches/78-insecure-tmp-usage +++ mgetty-1.1.36/debian/patches/78-insecure-tmp-usage 
@@ -0,0 +1,37 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 78-insecure-tmp-usage by Nico Golde <[EMAIL PROTECTED]> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: fix insecure use of temporary file names + [EMAIL PROTECTED]@ +diff -urNad mgetty-1.1.36~/fax/faxspool.in mgetty-1.1.36/fax/faxspool.in +--- mgetty-1.1.36~/fax/faxspool.in 2007-01-19 08:38:22.000000000 +0100 ++++ mgetty-1.1.36/fax/faxspool.in 2008-09-05 17:51:44.000000000 +0200 +@@ -653,7 +653,7 @@ + # + # mkdir a directory in $TMP (or /tmp), convert input to G3 in there + # +-spooldir=${TMP:-/tmp}/$new_seq.$$.`date +%S` ++spooldir=`mktemp -t -d` + + if ( umask 077 ; mkdir $spooldir ) ; then + $echo "spooling to $spooldir (->$new_seq)..." +@@ -674,10 +674,13 @@ + # + if [ x$file = x- ] + then +- $echo "spooling $file (stdin)..." +- trap "rm /tmp/faxsp.$$" 0 +- cat - >/tmp/faxsp.$$ +- file=/tmp/faxsp.$$ ++ file=`mktemp /tmp/faxspool.XXXXXXXXX` ++ if test -z $file ++ then ++ $echo "ERROR: can't create work file, giving up" >&2 ; exit 6 ++ fi ++ trap "rm $file" 0 ++ cat - >$file + else + $echo "spooling $file..." + fi
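Review bot: in the hunk at @@ -653,7 +653,7 @@ the new `spooldir=`mktemp -t -d`` already creates the directory, but the unchanged context line `if ( umask 077 ; mkdir $spooldir ) ; then` still tries to mkdir it, so with this patch applied the mkdir fails with "File exists" on every run and faxspool drops into the error branch instead of spooling. Since `mktemp -d` creates the directory with mode 0700 (the same effect the umask 077 was after), the fix is to drop the mkdir and test the mktemp result instead, e.g. `spooldir=`mktemp -d -t faxspool.XXXXXXXXXX`` followed by `if [ -n "$spooldir" ] && [ -d "$spooldir" ]; then`. Two follow-ups: `mktemp -t` honours $TMPDIR, whereas the removed line honoured ${TMP:-/tmp}, so any caller relying on $TMP silently loses that setting unless TMPDIR is derived from it before the call; and `-t` with no template yields a generic `tmp.XXXXXXXXXX` name, dropping the fax sequence number that the old name carried, which makes leftover spool directories harder to attribute. A faxspool-specific template keeps that identifiability.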
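Review bot: in the hunk at @@ -674,10 +674,13 @@ the check `if test -z $file` leaves `$file` unquoted; when mktemp fails it prints nothing to stdout, the variable is empty, and the shell runs `test -z` with a single operand, which only evaluates true because the string `-z` is itself non-null. That works by accident and should be `if test -z "$file"`, or better, test mktemp's exit status directly: `file=`mktemp /tmp/faxspool.XXXXXXXXX` || { $echo "ERROR: can't create work file, giving up" >&2; exit 6; }`. Two smaller points on the same hunk: the file template hard-codes /tmp while the spooldir hunk above uses `mktemp -t`, so the two halves of the same script no longer agree on which temporary directory they use (use `mktemp -t faxspool.XXXXXXXXX` for both, or anchor both under ${TMP:-/tmp} as before); and the removed `$echo "spooling $file (stdin)..."` line gets no replacement, so the stdin path is now silent where the `else` branch still reports `spooling $file...`. Re-adding the message after the mktemp succeeds, e.g. `$echo "spooling stdin to $file..."`, keeps the diagnostics consistent.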