oss-sec mailing list archives

Re: Security fixes in m4-1.4.11


From: Lubomir Kundrak <lkundrak () redhat com>
Date: Mon, 07 Apr 2008 09:11:11 +0200


On Sun, 2008-04-06 at 20:42 -0400, Steven M. Christey wrote:
> On Sun, 6 Apr 2008, Patrick J. Volkerding wrote:
>
>> Minor security fix: Quote output of mkstemp.
>
> Use CVE-2008-1687

This does not sound like a security problem. Mkstemp would never output
any shell metacharacters.

>> Security fix: avoid arbitrary code execution with 'm4 -F'.
>
> Use CVE-2008-1688
>
> Note - these CVE's will not be live until Monday.
>
> - Steve
-- 
Lubomir Kundrak (Red Hat Security Response Team)


