On 02/05/2014 01:40 AM, cve-ass...@mitre.org wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
https://bugzilla.redhat.com/show_bug.cgi?id=1060630#c5
* Fri Jan 05 2001 Preston Brown <pbr...@redhat.com>
- security patch for tmpfile creation from Olaf Kirch <o...@lst.de>
followed the next month by a fix to that patch:
* Mon Feb 12 2001 Tim Waugh <twa...@redhat.com>
- Fix tmpfile security patch so that it actually _works_ (bug #27155).
Does anyone have information indicating that two CVE-2001-#### IDs are
needed to cover the discoveries by Olaf Kirch and Tim Waugh 13 years
ago? This would be the case if, for example, there was a January 2001
a2ps package that fixed part of the problem with temporary files.
Admittedly, the practical value of two CVE-2001-#### IDs at present
may be extremely small.
The information does not seem to be in a2ps.git because data before
2004 is unavailable, e.g.,
http://pkgs.fedoraproject.org/cgit/a2ps.git/log/?ofs=100
Also:
https://bugzilla.redhat.com/show_bug.cgi?id=27155
You are not authorized to access bug #27155.
If (as we would expect) nobody is interested in checking that, we will
assign one CVE-2001-#### ID.
Hello,
I spent a little time looking but could not determine if a release was
made to fix only part of the problem. So one ID is fine by us.
bug #27155 just contains some gdb output. Therefore I assumed it was
public and didn't check before sending it here.
Thanks for looking at this.
--
Murray McAllister / Red Hat Security Response Team
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
