Bug#496383: xastir - broken temp file patch (#496383)

2008-08-28 Thread Tomas Hoger
Hi Joop!

You probably wanted to use:

  TMPFILE=`mktemp -t`

instead of

  TMPFILE = 'mktemp -t'

in your patch for #496383, right?

HTH

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#496403: mgetty insecure temp file usage

2008-08-27 Thread Tomas Hoger
Hi Thijs!

> # get unique directory name, using faxq-helper

This does not seem to be much of an issue beyond DoS, right?  mkdir
returns an error when $spooldir already exists.  Yeah, 'mktemp -t -d'
looks like a better alternative though...

> # if filename is "-", use stdin

I noticed that the following patch has been used in all Fedora / Red Hat mgetty
packages for quite some time now:

http://cvs.fedoraproject.org/viewvc/rpms/mgetty/devel/mgetty-1.1.30-mktemp.patch?view=markup

(it can possibly benefit from a few more Xes in the file name template too ;)

HTH

-- 
Tomas Hoger
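
The two mktemp points from the messages above (command substitution instead of a quoted string with spaces around "=", and `mktemp -d` instead of `mkdir` on a predictable name), as an added example that is not code from xastir, mgetty or either patch. The function names, the `demo.`/`spool.` prefixes and the explicit ten-X template (used here instead of a bare `-t` for portability) are assumptions.

```shell
#!/bin/sh
# Added illustration; function names and file prefixes are hypothetical.

# The mistyped patch line: with spaces around "=", the shell runs a command
# called TMPFILE with the arguments "=" and "mktemp -t". Nothing is assigned.
mistyped_status() {
    rc=0
    ( TMPFILE = 'mktemp -t' ) 2>/dev/null || rc=$?
    echo "$rc"
}

# Corrected form: command substitution, no spaces around "=". mktemp creates
# the file itself (exclusive create, mode 0600) and prints the chosen name.
random_file() {
    mktemp "$1/demo.XXXXXXXXXX"
}

# Predictable directory name ($2 stands in for a guessable suffix such as a
# PID). mkdir fails if the path already exists, so a pre-created directory is
# not reused, but whoever creates it first makes the script fail.
predictable_dir() {
    mkdir -m 700 "$1/spool.$2" 2>/dev/null
}

# mktemp -d chooses an unused random name and creates it with mode 0700.
# Ten Xs in the template leave far more names to guess than three or four.
random_dir() {
    mktemp -d "$1/spool.XXXXXXXXXX"
}

# Demo inside a private scratch directory that is removed on exit.
base=$(mktemp -d "${TMPDIR:-/tmp}/demo.XXXXXXXXXX") || exit 1
trap 'rm -rf "$base"' EXIT
echo "mistyped line exit status: $(mistyped_status)"
TMPFILE=$(random_file "$base") || exit 1
echo "temp file: $TMPFILE"
predictable_dir "$base" 1234 && echo "first mkdir: ok"
predictable_dir "$base" 1234 || echo "second mkdir: refused (name taken)"
echo "random dir: $(random_dir "$base")"
```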






Bug#496406: here's a patch (fwbuilder, #496406)

2008-08-25 Thread Tomas Hoger
Hi Thijs!

Just out of curiosity, why bother with a temp file and not use:

  eval `ssh-agent -s` > /dev/null

?  (I haven't checked the actual script, just the patch, so apologies
if I'm missing some important bits.)

-- 
Tomas Hoger






Bug#493797: python2.5: CVE-2008-2316 integer overflow in _hashopenssl.c

2008-08-05 Thread Tomas Hoger
Hi Nico!

> Upstream patch:
> https://bugzilla.redhat.com/attachment.cgi?id=313350

That's the patch proposed by reporter - David Remahl of the Apple
Product Security team, but it does not seem to be applied upstream yet,
either in trunk or 2.5-maint:

http://svn.python.org/view/python/trunk/Modules/_hashopenssl.c?view=log
(last rev 64048)

http://svn.python.org/view/python/branches/release25-maint/Modules/_hashopenssl.c?view=log
(last rev 51333)

HTH

-- 
Tomas Hoger






Bug#480292: CVE-2008-2079: mysql allows local users to bypass certain privilege checks

2008-07-04 Thread Tomas Hoger
Hi Devin!

Looks like the upstream patch is incomplete.  Have you already notified
upstream about the problem?

> In terms of exploitability, this allows any user with permissions to
> create tables in a db the ability to read from, write to and delete
> tables from any other database within the same mysql instance.

Can you possibly explain this a little closer?  MySQL should not allow
you to overwrite existing tables via DATA/INDEX DIRECTORY directives.
So you can only get access to tables created in the future, if you can
predict their names.  Or have you managed to escalate privileges to
already existing tables using this flaw?

Thanks!

-- 
Tomas Hoger






Bug#480059: vorbis-tools vulnerable to CVE-2008-1686

2008-05-09 Thread Tomas Hoger
Hi Jamie!

I've noticed your USN-611-[123], which patch speex, vorbis-tools and
gstreamer plugins.  However, I believe the fix in libspeex/speex_header.c
should be sufficient to address this issue in all affected
applications, as they call speex_packet_to_header().  With the patch
applied, it'll return NULL for malformed speex files and the mode check
in speexdec / ogg123 / ...  is not reached at all.  Or have I missed
anything?

skx, vorbis-tools do not embed whole speex library, only sample client
implementation code.  Previous versions of speex required client to
perform part of the sanity checks (and many clients did not do that
properly), so the check was now moved directly to speex library.

HTH

-- 
Tomas Hoger






Bug#479034: CVE-2008-2033: Multiple vulnerabilities

2008-05-02 Thread Tomas Hoger
Hi!

This is a duplicate of CVE-2008-1381.  See references for CVE-2008-1381
for details.

HTH

-- 
Tomas Hoger






Bug#477808: blender: CVE-2008-1102 arbitrary code execution via crafted .blend file

2008-04-25 Thread Tomas Hoger
Hi!

Upstream patch:

svn diff -r14431:14461
https://svn.blender.org/svnroot/bf-blender/trunk/blender/source/blender/imbuf/intern/radiance_hdr.c

http://cvs.fedoraproject.org/viewcvs/rpms/blender/devel/blender-2.45-cve-2008-1102.patch

HTH

-- 
Tomas Hoger






Bug#477805: vlc: CVE-2008-1881 stack-based buffer overflow in subtitle parsing

2008-04-25 Thread Tomas Hoger
Hi!

Should be fixed in 0.8.6f, for patch see:

http://git.videolan.org/gitweb.cgi?p=vlc.git;a=commitdiff;h=94baded6eff88e39c98b6e3572826f16f21ceec3
http://bugs.gentoo.org/show_bug.cgi?id=214277#c2

-- 
Tomas Hoger






Bug#446354: OpenBSD patch for CVE-2007-5365 is insufficient

2007-10-29 Thread Tomas Hoger
Hi!

During testing of our updated dhcp packages, we have found out that
the patch for CVE-2007-5365 used by OpenBSD was not sufficient and it was
still possible to crash dhcpd.  Your dhcp packages released in DSA
1388-1 also seem affected. You can find a better patch based on dhcp-3.x
code here:

  https://bugzilla.redhat.com/show_bug.cgi?id=327781#c5

Note: [EMAIL PROTECTED] was notified on 2007-10-23.
Updated DSA 1388-3 released on 2007-10-29.

-- 
Tomas Hoger
Red Hat Security Response Team






Bug#440100: CVE-2007-4558 rejected as duplicate of CVE-2007-4134

2007-08-31 Thread Tomas Hoger
Hi!

CVE name CVE-2007-4558 was rejected on 2007-08-30 as duplicate of
previously assigned name CVE-2007-4134.

Please consider using name CVE-2007-4134 to avoid confusion.

-- 
Tomas Hoger





Bug#302677: qmail: FTBFS: Missing Build-Depends on 'groff-base' and missing users and groups

2005-05-05 Thread Tomas Hoger
Hi!

> I think it is an FTBFS bug. The following should generally work:
> 
> apt-get source qmail
> cd qmail-*
> dpkg-buildpackage
> 
> For qmail, this does not work because of the missing Build-Depends on 
> groff-base and because of the missing users/groups. 
> Those are needed to create 'qmail-src'. It should be possible to 
> build the 'qmail-src' package. 

Yes, you're right.  I missed one point:  it's also FTBFS for qmail-src,
not only for qmail (and caused by qmail).  My mistake!

Hopefully, someone will be able to upload new version soon.

th.






Bug#302677: qmail: FTBFS: Missing Build-Depends on 'groff-base' and missing users and groups

2005-05-04 Thread Tomas Hoger
Hi Andreas!

I'm not sure if this really is FTBFS bug.  There is no official qmail binary
package in Debian, there's only qmail source package, from which qmail-src
package is built.  build-qmail script from qmail-src package should be used
to build qmail binary package.  Also note, that qmail-src does depend on
groff-base and also does create appropriate users/groups.  So no FTBFS when
building qmail package this (supported) way.  I guess autobuilders are not
trying to build qmail, just qmail-src.

Regarding your patch, no objections against Build-Depends, probably whole
Depends line of qmail-src should be used as Build-Depends for qmail:

dpkg-dev (>= 1.4.0.20), patch (>= 2.5-0bo1), gcc, make, fakeroot | sudo,
groff-base, debconf

However, the part creating users/groups is a bit bogus.  Qmail expects UIDs (not
user names!) of its users to be constant since compilation.  If you would
try to install such a package on another machine with no qmail users, they will
be created by the preinst script (see debian/preinst) with Debian default UIDs.
Qmail will not start on such a machine and will complain about non-existent
users.

So users/groups should be created with appropriate UIDs/GIDs  OR  the attached
patch can be applied.  It disables generation of the auto_uids.c file
(specifies UIDs which are compiled into qmail binaries) at build time and
uses a static file with Debian default UIDs.  It's just a copy of
debian/debian-default_uids.c.  I consider the latter approach to be better (no
account creation/deletion needed on the build machine), however maybe Jon is
aware of significant problems with this approach, because of which it is
not used (apart from problems in an environment with existing qmail users with
different UIDs, which should IMHO be handled in the preinst script).

But is it really RC FTBFS bug?

th.

diff -ruN qmail-1.03-orig/Makefile qmail-1.03/Makefile
--- qmail-1.03-orig/Makefile2005-05-04 15:30:03.0 +0200
+++ qmail-1.03/Makefile 2005-05-04 14:09:48.0 +0200
@@ -110,19 +110,19 @@
 compile auto_split.c
./compile auto_split.c
 
-auto_uids.c: \
-auto-uid auto-gid conf-users conf-groups
-   ( ./auto-uid auto_uida `head -1 conf-users` \
-   &&./auto-uid auto_uidd `head -2 conf-users | tail -1` \
-   &&./auto-uid auto_uidl `head -3 conf-users | tail -1` \
-   &&./auto-uid auto_uido `head -4 conf-users | tail -1` \
-   &&./auto-uid auto_uidp `head -5 conf-users | tail -1` \
-   &&./auto-uid auto_uidq `head -6 conf-users | tail -1` \
-   &&./auto-uid auto_uidr `head -7 conf-users | tail -1` \
-   &&./auto-uid auto_uids `head -8 conf-users | tail -1` \
-   &&./auto-gid auto_gidq `head -1 conf-groups` \
-   &&./auto-gid auto_gidn `head -2 conf-groups | tail -1` \
-   ) > auto_uids.c.tmp && mv auto_uids.c.tmp auto_uids.c
+#auto_uids.c: \
+#auto-uid auto-gid conf-users conf-groups
+#  ( ./auto-uid auto_uida `head -1 conf-users` \
+#  &&./auto-uid auto_uidd `head -2 conf-users | tail -1` \
+#  &&./auto-uid auto_uidl `head -3 conf-users | tail -1` \
+#  &&./auto-uid auto_uido `head -4 conf-users | tail -1` \
+#  &&./auto-uid auto_uidp `head -5 conf-users | tail -1` \
+#  &&./auto-uid auto_uidq `head -6 conf-users | tail -1` \
+#  &&./auto-uid auto_uidr `head -7 conf-users | tail -1` \
+#  &&./auto-uid auto_uids `head -8 conf-users | tail -1` \
+#  &&./auto-gid auto_gidq `head -1 conf-groups` \
+#  &&./auto-gid auto_gidn `head -2 conf-groups | tail -1` \
+#  ) > auto_uids.c.tmp && mv auto_uids.c.tmp auto_uids.c
 
 auto_uids.o: \
 compile auto_uids.c
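
Review bot: The auto_uids.c rule is commented out line by line instead of being removed, which leaves thirteen dead lines in the Makefile with no explanation next to them. Either delete the rule or put one comment above it saying that auto_uids.c is now a static file carrying the Debian default UIDs. After this change conf-users and conf-groups no longer affect the compiled-in IDs, so someone who edits them gets no effect and no error; that should be stated where those files are documented.
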
diff -ruN qmail-1.03-orig/TARGETS qmail-1.03/TARGETS
--- qmail-1.03-orig/TARGETS 2005-05-04 15:30:03.0 +0200
+++ qmail-1.03/TARGETS  2005-05-04 14:09:07.0 +0200
@@ -154,7 +154,6 @@
 auto-uid
 auto-gid.o
 auto-gid
-auto_uids.c
 auto_uids.o
 qmail-lspawn
 qmail-getpw.o
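
Review bot: auto-uid and auto-gid stay in the list (context lines just above the removed auto_uids.c entry) although the Makefile hunk disables the only rule shown that runs them; if nothing else uses the two helpers, drop their entries as well so they are not built for nothing. A short note on why auto_uids.c leaves TARGETS (it is now a shipped source file, not a build product) would help the next maintainer.
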
diff -ruN qmail-1.03-orig/auto_uids.c qmail-1.03/auto_uids.c
--- qmail-1.03-orig/auto_uids.c 1970-01-01 01:00:00.0 +0100
+++ qmail-1.03/auto_uids.c  2005-05-04 14:08:32.0 +0200
@@ -0,0 +1,10 @@
+int auto_uida = 64010;
+int auto_uidd = 64011;
+int auto_uidl = 64015;
+int auto_uido = 0;
+int auto_uidp = 64016;
+int auto_uidq = 64014;
+int auto_uidr = 64013;
+int auto_uids = 64012;
+int auto_gidq = 64010;
+int auto_gidn = 65534;
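
Review bot: The ten IDs in the new auto_uids.c are bare numbers with no comment saying which account each variable stands for or where the values come from. Add a header comment naming debian/debian-default_uids.c as the source and mark auto_uido = 0 as intentional. Since the message describes this file as a copy of debian/debian-default_uids.c, having the build copy that file instead of carrying a second one would keep the two from drifting apart. The patch also contains no preinst change for the case the message itself raises, existing qmail users with different UIDs, so binaries built this way would not match such accounts.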