oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

From: Robert Buchholz <rbu () gentoo org>
Date: Thu, 30 Oct 2008 22:53:29 +0100
Hi,

Gentoo could need CVEs for some more of the insecure tempfile issues 
found by Debian. For others, we have gathered a list of all the bugs 
created at our tracker https://bugs.gentoo.org/show_bug.cgi?id=235770

* aview
DEBIAN: http://bugs.debian.org/496422
GENTOO: https://bugs.gentoo.org/235808
FILES: asciiview
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/aview

* mgetty
DEBIAN: http://bugs.debian.org/496403
GENTOO: https://bugs.gentoo.org/235806
FILES: faxspool
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/mgetty-fax

* openoffice.org
DEBIAN: http://bugs.debian.org/496361
GENTOO: https://bugs.gentoo.org/235824
http://www.securityfocus.com/bid/30925
FILES: senddoc
CODE: 
http://dev.gentoo.org/~rbu/security/debiantemp/openoffice.org-common
   [etch] - openoffice.org <not-affected> (Vulnerable code not present)
   NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.

* crossfire
DEBIAN: http://bugs.debian.org/496358
GENTOO: https://bugs.gentoo.org/236205
FILES: combine.pl
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/crossfire-maps


Robert

Attachment: signature.asc
Description: This is a digitally signed message part.

Previous By Date Next
Previous By Thread Next

Current thread: