tags 466382 + patch thanks Hi, after Julien Cristau told me there is an open_temp_file function in OCaml, and after a bit of reading of the OCaml documentation, I came up with a patch.
It will be also archived on: http://people.debian.org/~nion/nmu-diff/wyrd-1.4.3b-3_1.4.3b-3.1.patch Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u wyrd-1.4.3b/debian/patches/00list wyrd-1.4.3b/debian/patches/00list
--- wyrd-1.4.3b/debian/patches/00list
+++ wyrd-1.4.3b/debian/patches/00list
@@ -1,0 +2 @@
+02-CVE-2008-0806
diff -u wyrd-1.4.3b/debian/changelog wyrd-1.4.3b/debian/changelog
--- wyrd-1.4.3b/debian/changelog
+++ wyrd-1.4.3b/debian/changelog
@@ -1,3 +1,12 @@
+wyrd (1.4.3b-3.1) unstable; urgency=high
+
+ * Non-maintainer upload by security team.
+ * This update addresses the following issue:
+ CVE-2008-0806: insecure temporary file creation that
+ could lead to symlink attacks and thus data loss (Closes: #466382).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Tue, 19 Feb 2008 22:28:12 +0100
+
 wyrd (1.4.3b-3) unstable; urgency=low
 * Fixed debian/watch file.
only in patch2:
unchanged:
--- wyrd-1.4.3b.orig/debian/patches/02-CVE-2008-0806.dpatch
+++ wyrd-1.4.3b/debian/patches/02-CVE-2008-0806.dpatch
@@ -0,0 +1,40 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 02-CVE-2008-0806.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+ [EMAIL PROTECTED]@
+diff -urNad wyrd-1.4.3b~/interface_main.ml wyrd-1.4.3b/interface_main.ml
+--- wyrd-1.4.3b~/interface_main.ml 2007-08-20 03:24:26.000000000 +0200
++++ wyrd-1.4.3b/interface_main.ml 2008-02-19 22:14:28.000000000 +0100
+@@ -1066,7 +1066,7 @@
+ in
+ Hashtbl.iter find_binding Rcfile.table_commandstr_command;
+ let sorted_list = List.fast_sort Pervasives.compare !bindings in
+- let out_channel = open_out Rcfile.tmpfile in
++ let out_channel = Rcfile.tmpfd in
+ List.iter (output_string out_channel) sorted_list;
+ close_out out_channel;
+ def_prog_mode ();
+@@ -1786,7 +1786,7 @@
+ let i = draw_msg iface in
+ handle_refresh i reminders
+ |Rcfile.Quit ->
+- let new_iface = {iface with run_wyrd = false} in
++ Sys.remove Rcfile.tmpfile;let new_iface = {iface with run_wyrd = false} in
+ (new_iface, reminders)
+ with Not_found ->
+ let _ = beep () in
+diff -urNad wyrd-1.4.3b~/rcfile.ml wyrd-1.4.3b/rcfile.ml
+--- wyrd-1.4.3b~/rcfile.ml 2007-08-20 03:24:26.000000000 +0200
++++ wyrd-1.4.3b/rcfile.ml 2008-02-19 22:13:21.000000000 +0100
+@@ -136,7 +136,7 @@
+ (* Final hash table that maps from object to color_pair index *)
+ let object_palette = Hashtbl.create 20
+
+-let tmpfile = "/tmp/wyrd-tmp." ^ (string_of_int (Unix.getuid ()))
++let tmpfile,tmpfd = Filename.open_temp_file "wyrd" "-temp"
+
+
+ (* Turn colors on and off *)
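Review bot: The replacement at interface_main.ml line 1066 binds `out_channel` to the module-level `Rcfile.tmpfd` and still runs `close_out out_channel`, so the single channel that `Filename.open_temp_file` creates when rcfile.ml is initialised is closed after its first use; if this code path runs a second time in the same session, `output_string` will raise `Sys_error` on the closed channel, whereas the old `open_out Rcfile.tmpfile` reopened the file every time. The once-created channel should stay open for the whole session: reset it before writing with `seek_out out_channel 0; Unix.ftruncate (Unix.descr_of_out_channel out_channel) 0;` and replace `close_out out_channel;` with `flush out_channel;` (the Unix library is already linked, since rcfile.ml calls `Unix.getuid`). Keeping the descriptor that was opened with `Open_excl` also avoids ever reopening the temporary path by name, which appears to be the point of this fix. Note that the file now exists from module initialisation onward and is only removed on the `Rcfile.Quit` path at line 1786, not on any other exit, so an `at_exit` handler doing the `Sys.remove` would be more robust than the inline call. The enclosing functions of both interface_main.ml hunks start and end outside the hunk.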