[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
** Changed in: wml (Ubuntu Edgy)
       Status: Fix Committed => Fix Released

** Changed in: wml (Ubuntu Dapper)
       Status: Fix Committed => Fix Released

--
[wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
https://bugs.launchpad.net/bugs/191205
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
This bug was fixed in the package wml - 2.0.11-1ubuntu0.1

---
wml (2.0.11-1ubuntu0.1) feisty-security; urgency=low

  * debian/control
    - updated maintainer field
  * SECURITY UPDATE: (LP: #191205)
    + wml_backend/p1_ipp/ipp.src (CVE-2008-0665)
      - in Website META Language (WML) 2.0.11 allows local users to
        overwrite arbitrary files via a symlink attack on the ipp.$$.tmp
        temporary file.
    + wlm_backend/p3_eperl/eperl_sys.c wml_contrib/wmg.cgi (CVE-2008-0666)
      - Website META Language (WML) 2.0.11 allows local users to overwrite
        arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$
        temporary file used by wml_contrib/wmg.cgi and (2) temporary files
        used by wml_backend/p3_eperl/eperl_sys.c.
  * References
    + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0665
    + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0666
    + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907

 -- Emanuele Gentili <[EMAIL PROTECTED]>  Mon, 10 Mar 2008 17:28:13 +0100
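The symlink problem named in the changelog above, as an added example that is not part of the original thread and is neither WML's code nor the Ubuntu patch: a PID-suffixed temporary file opened without O_EXCL, next to two hardened ways of creating it. The scratch directory, the victim file and the names open_tmp and run_case are constructed for this demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { PREDICTABLE, EXCLUSIVE, MKSTEMP };

/* Open a temp file in dir; path receives the name that was used. */
int open_tmp(int how, const char *dir, char *path, size_t n) {
    if (how == MKSTEMP) {  /* random suffix, created with O_EXCL, mode 0600 */
        snprintf(path, n, "%s/pe.tmp.XXXXXX", dir);
        return mkstemp(path);
    }
    /* PID suffix, like pe.tmp.$$: any local user can compute it in advance */
    snprintf(path, n, "%s/pe.tmp.%ld", dir, (long)getpid());
    /* Without O_EXCL, open() follows a symlink already sitting at path */
    int flags = O_WRONLY | O_CREAT | (how == EXCLUSIVE ? O_EXCL : O_TRUNC);
    return open(path, flags, 0600);
}

/* Constructed scenario in a private directory: a symlink is pre-planted at
 * the predictable name. Returns the victim's size after the open attempt. */
long run_case(int how, int *err) {
    char dir[] = "/tmp/wml-demo.XXXXXX", victim[64], planted[64], path[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/pe.tmp.%ld", dir, (long)getpid());
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important data\n", f);            /* 15 bytes */
    fclose(f);
    if (symlink(victim, planted) != 0) return -1;
    int fd = open_tmp(how, dir, path, sizeof path);
    *err = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    if (how == MKSTEMP) unlink(path);
    unlink(planted); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    for (int how = PREDICTABLE; how <= MKSTEMP; how++) {
        int err;
        long size = run_case(how, &err);
        printf("case %d: victim is %ld bytes, open errno=%d\n", how, size, err);
    }
    return 0;
}
```

On Linux, fs.protected_symlinks=1 refuses to follow another user's symlink in a sticky world-writable directory such as /tmp; treat it as a backstop, not a substitute for O_EXCL or mkstemp().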
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
This bug was fixed in the package wml - 2.0.11-2ubuntu0.1

---
wml (2.0.11-2ubuntu0.1) gutsy-security; urgency=low

  * debian/control
    - updated maintainer field
  * SECURITY UPDATE: (LP: #191205)
    + wml_backend/p1_ipp/ipp.src (CVE-2008-0665)
      - in Website META Language (WML) 2.0.11 allows local users to
        overwrite arbitrary files via a symlink attack on the ipp.$$.tmp
        temporary file.
    + wlm_backend/p3_eperl/eperl_sys.c wml_contrib/wmg.cgi (CVE-2008-0666)
      - Website META Language (WML) 2.0.11 allows local users to overwrite
        arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$
        temporary file used by wml_contrib/wmg.cgi and (2) temporary files
        used by wml_backend/p3_eperl/eperl_sys.c.
  * References
    + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0665
    + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0666
    + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907

 -- Emanuele Gentili <[EMAIL PROTECTED]>  Mon, 10 Mar 2008 16:58:14 +0100

** Changed in: wml (Ubuntu Gutsy)
       Status: Fix Committed => Fix Released

** Changed in: wml (Ubuntu Feisty)
       Status: Fix Committed => Fix Released
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
Great! Thanks, dapper/edgy have been uploaded.

** Changed in: wml (Ubuntu Dapper)
       Status: In Progress => Fix Committed

** Changed in: wml (Ubuntu Edgy)
       Status: In Progress => Fix Committed
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
** Attachment added: "dapper_wml_2.0.8-11ubuntu0.6.06.debdiff"
   http://launchpadlibrarian.net/12672726/dapper_wml_2.0.8-11ubuntu0.6.06.debdiff

** Changed in: wml (Ubuntu Edgy)
       Status: Incomplete => In Progress

** Changed in: wml (Ubuntu Dapper)
       Status: Incomplete => In Progress
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
** Attachment added: "edgy_wml_2.0.8-11ubuntu0.6.10.debdiff"
   http://launchpadlibrarian.net/12672713/edgy_wml_2.0.8-11ubuntu0.6.10.debdiff
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
Sorry to keep picking on these debdiffs, but dapper and edgy can't have maintainer field updates -- the build tools don't expect it.

** Changed in: wml (Ubuntu Edgy)
       Status: In Progress => Incomplete

** Changed in: wml (Ubuntu Dapper)
       Status: In Progress => Incomplete
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
** Attachment added: "edgy_wml_2.0.8-11ubuntu0.6.10.debdiff"
   http://launchpadlibrarian.net/12661970/edgy_wml_2.0.8-11ubuntu0.6.10.debdiff

** Changed in: wml (Ubuntu Edgy)
       Status: Incomplete => In Progress

** Changed in: wml (Ubuntu Dapper)
       Status: Incomplete => In Progress
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
** Attachment added: "dapper_wml_2.0.8-11ubuntu0.6.06.debdiff"
   http://launchpadlibrarian.net/12661969/dapper_wml_2.0.8-11ubuntu0.6.06.debdiff
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
Feisty and Gutsy uploaded, thanks! They should publish shortly.

** Changed in: wml (Ubuntu Feisty)
       Status: In Progress => Fix Committed

** Changed in: wml (Ubuntu Gutsy)
       Status: In Progress => Fix Committed
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
Edgy/Dapper versions need to follow the SUP's versioning scheme -- they can't be the same version number in security updates.

[1] https://wiki.ubuntu.com/SecurityUpdateProcedures

** Changed in: wml (Ubuntu Dapper)
       Status: In Progress => Incomplete

** Changed in: wml (Ubuntu Edgy)
       Status: In Progress => Incomplete

** Changed in: wml (Ubuntu)
       Status: In Progress => Fix Released
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
** Changed in: wml (Ubuntu Edgy)
   Importance: Undecided => Low
     Assignee: (unassigned) => Emanuele Gentili (emgent)
       Status: New => In Progress

** Changed in: wml (Ubuntu Dapper)
   Importance: Undecided => Low
     Assignee: (unassigned) => Emanuele Gentili (emgent)
       Status: New => In Progress
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
same edgy version, debdiff attached.

** Attachment added: "dapper_wml_2.0.8-11ubuntu0.1.debdiff"
   http://launchpadlibrarian.net/12561435/dapper_wml_2.0.8-11ubuntu0.1.debdiff
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
** Attachment added: "edgy_wml_2.0.8-11ubuntu0.1.debdiff"
   http://launchpadlibrarian.net/12561330/edgy_wml_2.0.8-11ubuntu0.1.debdiff
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
** Attachment added: "feisty_wml_2.0.11-1ubuntu0.1.debdiff"
   http://launchpadlibrarian.net/12547475/feisty_wml_2.0.11-1ubuntu0.1.debdiff

** Changed in: wml (Ubuntu Feisty)
   Importance: Undecided => Low
     Assignee: (unassigned) => Emanuele Gentili (emgent)
       Status: New => In Progress
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
hardy fixed.

** Changed in: wml (Ubuntu)
   Importance: Undecided => Low
     Assignee: (unassigned) => Emanuele Gentili (emgent)
       Status: New => In Progress
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
+wml (2.0.11-2ubuntu0.1) gutsy-security; urgency=low + + * debian/control + - updated maintainer field + * SECURITY UPDATE: (LP: #191205) + + wml_backend/p1_ipp/ipp.src (CVE-2008-0665) +- in Website META Language (WML) 2.0.11 allows local + users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp + temporary file. + + wlm_backend/p3_eperl/eperl_sys.c wml_contrib/wmg.cgi (CVE-2008-0666) +- Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary + files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by + wml_contrib/wmg.cgi and (2) temporary files used by + wml_backend/p3_eperl/eperl_sys.c. + * References + + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0665 + + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0666 + + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907 + + -- Emanuele Gentili <[EMAIL PROTECTED]> Mon, 10 Mar 2008 16:58:14 +0100

** Attachment added: "gutsy_wml_2.0.11-2ubuntu0.1.debdiff"
   http://launchpadlibrarian.net/12547127/gutsy_wml_2.0.11-2ubuntu0.1.debdiff

** Changed in: wml (Ubuntu Gutsy)
   Importance: Undecided => Low
     Assignee: (unassigned) => Emanuele Gentili (emgent)
       Status: New => In Progress
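Review bot: The second SECURITY UPDATE item gives the path as wlm_backend/p3_eperl/eperl_sys.c, while the first item and the description beneath it use wml_backend/; correct the prefix so the changelog matches the source tree. Both sub-items also restate the CVE descriptions (the first starts mid-sentence with "in Website META Language") without saying how the temporary files are created after the change; one line per file naming the replacement would let the entry be reviewed on its own.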
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0666
[Bug 191205] Re: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
** Changed in: wml (Debian)
       Status: Unknown => Fix Released