Package: txt2man Version: 1.5.5-4 Severity: normal Tags: patch pending security
Dear maintainer,

txt2man in all suites allows overwriting of arbitrary files by an unsafe use of the file /tmp/2222. This was introduced by a Debian patch. The fix for this is to remove the line:

    echo $post > /tmp/2222

which appears to be leftover debugging.

It is my intention to perform an NMU in two days if the bug remains unfixed, and to then upload fixes for stable and oldstable. If you object, please tell me as soon as possible.

If you fix the bug yourself, please include a reference to the assigned CVE number, CVE-2013-1444.

Regards.

-- 
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
diff -Nru txt2man-1.5.5/debian/changelog txt2man-1.5.5/debian/changelog --- txt2man-1.5.5/debian/changelog 2011-04-11 10:37:22.000000000 +0100 +++ txt2man-1.5.5/debian/changelog 2013-09-25 19:08:15.000000000 +0100 @@ -1,3 +1,12 @@ +txt2man (1.5.5-4.1) UNRELEASED; urgency=low + + * Non-maintainer upload. + * Fix CVE-2013-1444: insecure use of temporary files + by removing apparant debug output from + patches/debian-changes-1.5.5-2.1 (Closes: #nnnnnn) + + -- Jonathan Wiltshire <j...@debian.org> Wed, 25 Sep 2013 19:07:07 +0100 + txt2man (1.5.5-4) unstable; urgency=low * Updated Standards version diff -Nru txt2man-1.5.5/debian/patches/debian-changes-1.5.5-2.1 txt2man-1.5.5/debian/patches/debian-changes-1.5.5-2.1 --- txt2man-1.5.5/debian/patches/debian-changes-1.5.5-2.1 2011-04-11 10:37:22.000000000 +0100 +++ txt2man-1.5.5/debian/patches/debian-changes-1.5.5-2.1 2013-09-25 19:07:02.000000000 +0100 @@ -47,7 +47,7 @@ printf ".EH ||%s||\n" "$volume" --- txt2man-1.5.5.orig/txt2man +++ txt2man-1.5.5/txt2man -@@ -139,11 +139,12 @@ do +@@ -139,11 +139,11 @@ do p) doprobe=1;; I) itxt="$OPTARG§$itxt";; B) btxt=$OPTARG;; @@ -57,7 +57,6 @@ *) usage; exit;; esac done -+echo $post > /tmp/2222 shift $(($OPTIND - 1)) date=${date:-$(date +'%d %B %Y')}
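Review bot: the debian/changelog hunk still carries the placeholder bug number in `(Closes: #nnnnnn)` and the distribution `UNRELEASED`; both have to be replaced (the real BTS number and `unstable`) before the NMU is uploaded, otherwise the upload will not close the bug. In the same entry, `apparant` should read `apparent`, and naming the removed line (`echo $post > /tmp/2222`) would make the changelog record what the fix actually does.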
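Review bot: the second hunk hand-edits debian/patches/debian-changes-1.5.5-2.1, so the inner hunk header has to be kept in step with the removed line; changing `@@ -139,11 +139,12 @@` to `@@ -139,11 +139,11 @@` is correct for the one dropped `+echo $post > /tmp/2222` line, but regenerating the quilt patch (`quilt push`, edit txt2man, `quilt refresh`) would avoid any chance of the counts drifting. Removing the line is the right fix: a fixed, world-known name in the shared /tmp lets any local user create that path first and redirect the write, which is the arbitrary-file-overwrite described in the report. Before uploading, it is worth checking the rest of the script for other fixed /tmp paths left over from the same debugging.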
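The report's defect is a debug write to a fixed path in the shared /tmp. The following is an added example, not code from the bug report or from the txt2man package: it keeps the unsafe path only as a named constant, creates a scratch file with mktemp instead (the standard remedy for this class of bug), and adds a pre-write check that refuses symlinks, non-regular files and files owned by someone else. The function and variable names, the `txt2man.XXXXXX` template and the `$post` stand-in value are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not code from the bug report or the txt2man package): the
# fixed-name scratch file behind CVE-2013-1444 next to a mktemp-based one,
# plus a pre-write check that refuses symlinks and files we do not own.

# The path the removed debug line wrote to. A fixed, world-known name in the
# shared /tmp is the defect: another local user can create it first (as a
# symlink, say) and the write then lands wherever they pointed it.
UNSAFE_SCRATCH=/tmp/2222

# Safe replacement: mktemp creates the file itself, with an unpredictable name,
# mode 0600 and O_EXCL, so no pre-planted file or symlink can be picked up.
# Honours TMPDIR; the caller owns the returned path and must remove it.
# (Template name is an assumption for this example.)
make_scratch() {
    mktemp "${TMPDIR:-/tmp}/txt2man.XXXXXX"
}

# Defence-in-depth check before writing to an existing scratch path.
# Returns 0 only if the path is not a symlink, is a regular file, and is
# owned by the current user. This narrows but does not close the race
# between check and write; mktemp is what actually removes the race.
scratch_is_safe() {
    p=$1
    [ -L "$p" ] && return 1     # symlink: refuse, whatever it points at
    [ -f "$p" ] || return 1     # missing, directory, fifo, device: refuse
    [ -O "$p" ] || return 1     # not ours: refuse
    return 0
}

# Write $2 to scratch path $1, refusing paths that fail the check.
write_scratch() {
    scratch_is_safe "$1" || { echo "refusing to write to $1" >&2; return 1; }
    printf '%s\n' "$2" > "$1"
}

# Does what the removed line intended, safely: capture $post for debugging
# in a private scratch file that is cleaned up on exit.
demo() {
    post="example debug value"          # constructed stand-in for txt2man's $post
    scratch=$(make_scratch) || exit 1
    trap 'rm -f "$scratch"' EXIT
    write_scratch "$scratch" "$post"
    echo "wrote debug output to $scratch (not to $UNSAFE_SCRATCH)"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run it as `sh example.sh --demo` to see the safe path taken; the functions can also be sourced into another script. The check in `scratch_is_safe` is deliberately secondary: it catches a pre-planted symlink or foreign file, but only mktemp's exclusive creation guarantees the file was not there before the script ran.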