On Thu, 02 Aug 2012 18:47:34 +0100, Adam D. Barratt wrote:

> > This is about #671255: "CVE-2012-2451: CWE-377 Insecure Temporary
> > File". Seems we all have forgotten about the update in wheezy :)

> I think you meant squeeze. ;-)
Oops, right. Seems I have my focus somewhere else :)

> For completeness, could we have the final proposed debdiff in this bug
> please?

Sure, attached.

Cheers,
gregor

--
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' :  Debian GNU/Linux user, admin, and developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-    NP: Kante: Ituri
diffstat for libconfig-inifiles-perl_2.52-1 libconfig-inifiles-perl_2.52-1+squeeze1 lib/Config/IniFiles.pm | 25 ++++++++++++++++++------- libconfig-inifiles-perl-2.52/debian/changelog | 10 ++++++++++ 2 files changed, 28 insertions(+), 7 deletions(-) diff -u libconfig-inifiles-perl-2.52/debian/changelog libconfig-inifiles-perl-2.52/debian/changelog --- libconfig-inifiles-perl-2.52/debian/changelog +++ libconfig-inifiles-perl-2.52/debian/changelog @@ -1,3 +1,13 @@ +libconfig-inifiles-perl (2.52-1+squeeze1) stable-proposed-updates; urgency=low + + * Team upload. + * SECURITY BUG FIX: Config::IniFiles used to write to a temporary + filename with a predictable name ("$(unknown)-new") which opens the + door for potential exploits. -- CVE-2012-2451, CWE-377 + (Closes: #671255) + + -- gregor herrmann <gre...@debian.org> Fri, 03 Aug 2012 00:03:19 +0200 + libconfig-inifiles-perl (2.52-1) unstable; urgency=low [ Jonathan Yu ] only in patch2: unchanged: --- libconfig-inifiles-perl-2.52.orig/lib/Config/IniFiles.pm +++ libconfig-inifiles-perl-2.52/lib/Config/IniFiles.pm @@ -9,6 +9,9 @@ use Carp; use Symbol 'gensym','qualify_to_ref'; # For the 'any data type' hack +use File::Basename qw( dirname ); +use File::Temp qw/ tempfile /; + @Config::IniFiles::errors = ( ); # $Header: /home/shlomi/progs/perl/cpan/Config/IniFiles/config-inifiles-cvsbackup/config-inifiles/IniFiles.pm,v 2.41 2003-12-08 10:50:56 domq Exp $ 
@@ -1194,15 +1197,23 @@ #carp "Store mode $self->{file_mode} prohibits writing config"; } - my $new_file = $file . "-new"; - local(*F); - open(F, "> $new_file") || do { - carp "Unable to write temp config file $new_file: $!"; - return undef; + my ($fh, $new_file); + eval { + ($fh, $new_file) = tempfile( + "temp.ini-XXXXXXXXXX", + DIR => dirname($file) + ); }; - my $oldfh = select(F); + + if ($@) + { + carp( "Unable to write temp config file: $!" ); + return undef; + } + + my $oldfh = select($fh); $self->OutputConfig($parms{-delta}); - close(F); + close($fh); select($oldfh); rename( $new_file, $file ) || do { carp "Unable to rename temp config file ($new_file) to $file: $!";
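Review bot: In the `if ($@)` branch of the @@ -1194 hunk the message interpolates `$!`, but `tempfile()` reports failure by dying, so the reason is in `$@` and `$!` may be stale or empty at that point; suggest `carp( "Unable to write temp config file: $@" );`. Two further points on the same hunk: File::Temp creates the temporary file with mode 0600, and `rename( $new_file, $file )` replaces the target inode, so after a rewrite the config file ends up 0600 regardless of the previous file's permissions or the `$self->{file_mode}` handling visible just above the hunk; if other users or services read the file, the caller should `stat` the original and `chmod` the new file to that mode before the rename. Finally, when the rename fails the `temp.ini-XXXXXXXXXX` file is left behind in the config directory; adding `unlink($new_file);` inside that `|| do { ... }` block avoids leaking partially written configs.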