Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling

2007-12-10 Thread Robos
On Sun, 09.12.07, Stephen Birch <[EMAIL PROTECTED]> wrote: > Nico Golde([EMAIL PROTECTED])@2007-12-09 21:18: > > > Can't the log files just be placed in the current working directory? > > > Either way, it sounds good. > > > > That would be the same problem if you call vobcopy in a > > world-writab

Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling

2007-12-10 Thread Nico Golde
Hi Robos, * Robos <[EMAIL PROTECTED]> [2007-12-10 19:39]: > On Sun, 09.12.07, Stephen Birch <[EMAIL PROTECTED]> wrote: > > Nico Golde([EMAIL PROTECTED])@2007-12-09 21:18: > > > > Can't the log files just be placed in the current working directory? > > > > Either way, it sounds good. > > > > > > Tha

Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling

2007-12-09 Thread Stephen Birch
Nico Golde([EMAIL PROTECTED])@2007-12-10 00:03: > This does not seem like an option to me too because vobcopy > is using stderr and stdout, I doubt the average user can > redirect those streams in the shell. hmmm .. it's not difficult to redirect (1>filea 2>fileb) or to combine (2>&1). But would

Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling

2007-12-09 Thread Nico Golde
Hi Stephen, * Stephen Birch <[EMAIL PROTECTED]> [2007-12-09 22:09]: > Nico Golde([EMAIL PROTECTED])@2007-12-09 21:18: > > > Can't the log files just be placed in the current working directory? > > > Either way, it sounds good. [...] > > Point taken. Let me ask this, is there any real value in eit

Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling

2007-12-09 Thread Stephen Birch
Nico Golde([EMAIL PROTECTED])@2007-12-09 21:18: > > Can't the log files just be placed in the current working directory? > > Either way, it sounds good. > > That would be the same problem if you call vobcopy in a > world-writable directory. Checking if the file already > exists and creating a uni

Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling

2007-12-09 Thread Nico Golde
Hi Stephen, * Stephen Birch <[EMAIL PROTECTED]> [2007-12-09 21:13]: > Robos([EMAIL PROTECTED])@2007-12-08 23:02: [...] > > I think about moving the place of the logfiles to the home of the calling > > user, > > are there any objections against this? > > Can't the log files just be placed in the cu

Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling

2007-12-09 Thread Stephen Birch
Robos([EMAIL PROTECTED])@2007-12-08 23:02: > I'm working on it. Time is short though so it might take another week. Maybe I should upload 1.0.2, at least to get it into the Debian system. I want to get the bugs closed in their system! > I think about moving the place of the logfiles to the home o

Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling

2007-12-08 Thread Robos
On Fri, 07.12.07, Steffen Joeris <[EMAIL PROTECTED]> wrote: > Hi Hi > Any update on this? I'm working on it. Time is short though so it might take another week. I think about moving the place of the logfiles to the home of the calling user, are there any objections against this? Cheers Robos > C

Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling

2007-12-08 Thread Nico Golde
Hi Steffen, * Steffen Joeris <[EMAIL PROTECTED]> [2007-12-07 19:29]: > Any update on this? Nope. I have not yet had the time to look into a prospective patch. A quick look at the source revealed that the code is pretty bad and it would be some work to integrate this in a clean way. I contacted the u

Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling

2007-12-07 Thread Steffen Joeris
Hi Any update on this? Cheers Steffen