Your message dated Mon, 18 Apr 2011 08:35:55 +0200
with message-id <20110418063555.ga9...@an3as.eu>
and subject line Bug#612035: Fixed in 1.12
has caused the Debian Bug report #612035,
regarding vulnerability: rewrite arbitrary user file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
612035: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612035
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: feh
Version: 1.10-1
Severity: grave
Tags: security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu natty
This bug report was also filed in Ubuntu and can be found at
http://launchpad.net/bugs/607328
The description, from segooon, follows:
Binary package hint: feh
Hi, I've just discovered that feh is vulnerable to rewriting any user file:
tmpname_timestamper =
estrjoin("", "/tmp/feh_", cppid, "_", basename, NULL);
....
execlp("wget", "wget", "-N", "-O", tmpname_timestamper, newurl,
quiet, (char*) NULL);
If attacker knows PID of feh and knows the URL, it can create the link to any
user file. wget would overwrite it.
Thanks.
-- System Information:
Debian Release: squeeze/sid
APT prefers natty
APT policy: (500, 'natty')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37-12-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Hi,
as Francesco correctly pointed out this bug should be closed (just
forgot to mention it in the changelog). Thanks for the hint
Andreas.
----- Forwarded message from Francesco Poli <invernom...@paranoici.org> -----
X-Debian-PR-Message: followup 612035
X-Debian-PR-Package: feh
X-Debian-PR-Keywords: security
X-Debian-PR-Source: feh
Date: Fri, 15 Apr 2011 22:08:22 +0200
From: Francesco Poli <invernom...@paranoici.org>
To: 612...@bugs.debian.org
Cc: Daniel Friesel <d...@finalrewind.org>
Subject: [Pkg-phototools-devel] Bug#612035: Fixed in 1.12
On Sun, 13 Mar 2011 06:52:24 +0100 Daniel Friesel wrote:
> Hi,
>
> feh 1.12 has just been released, which fixes this bug by switching from wget
> to mkstemp + libcurl.
>
> <http://feh.finalrewind.org/changelog>
> <http://feh.finalrewind.org/feh-1.12.tar.bz2>
Hi, if the security team confirms that the vulnerability is really
fixed in feh version 1.12, I think that this bug report should be
closed as fixed in feh/1.12-1 ...
Or am I wrong?
----- End forwarded message -----
--
http://fam-tille.de
--- End Message ---
