Bug#612035: vulnerability: rewrite arbitrary user file

2012-07-08 Thread Jonathan Wiltshire
Dear maintainer, Recently you fixed one or more security problems and as a result you closed this bug. These problems were not serious enough for a Debian Security Advisory, so they are now on my radar for fixing in the following suites through point releases: squeeze (6.0.6) - use target "stable

Bug#612035: Ping: Bug#612035: [Pkg-phototools-devel] Bug#612035: vulnerability: rewrite arbitrary user file

2012-02-03 Thread Daniel Friesel
Hi, On Thu, Jan 19, 2012 at 12:47:06PM +, Jonathan Wiltshire wrote: > On Fri, Jul 08, 2011 at 08:06:17PM +0200, Julien Cristau wrote: > > [...] > > ick. mkdtemp(3), please. > Any news on this? the attached patches (created against the unpatched 1.3.4.dfsg.1-1 / 1.8-1 packages) use mkdtemp fo

Bug#612035: Ping: Bug#612035: [Pkg-phototools-devel] Bug#612035: vulnerability: rewrite arbitrary user file

2012-01-19 Thread Jonathan Wiltshire
On Fri, Jul 08, 2011 at 08:06:17PM +0200, Julien Cristau wrote: > On Fri, Jul 8, 2011 at 16:08:17 +0200, Andreas Tille wrote: > > > @@ -275,7 +278,21 @@ > > path = ""; > > } > > else > > - path = "/tmp/"; > > + snprintf(cppid, sizeof(cppid), "%06ld", (long) getpid());

Bug#612035: [Pkg-phototools-devel] Bug#612035: vulnerability: rewrite arbitrary user file

2011-07-08 Thread Julien Cristau
On Fri, Jul 8, 2011 at 16:08:17 +0200, Andreas Tille wrote: > @@ -275,7 +278,21 @@ > path = ""; > } > else > - path = "/tmp/"; > + snprintf(cppid, sizeof(cppid), "%06ld", (long) getpid()); > + > + while ((path == NULL) && (i < )) { > + snprintf(num,
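
Review bot: in the `else` branch, the name that replaces the fixed `/tmp/` path is built from `getpid()` (`snprintf(cppid, sizeof(cppid), "%06ld", (long) getpid())`), and PIDs are predictable, so another local user can still guess the directory name. Suggest creating the directory with mkdtemp(3) on a template ending in `XXXXXX`. It picks an unpredictable name and creates the directory atomically with mode 0700, which also removes the need for the `while ((path == NULL) && ...)` retry loop over candidate names.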

Bug#612035: [Pkg-phototools-devel] Bug#612035: vulnerability: rewrite arbitrary user file

2011-07-08 Thread Andreas Tille
Hi, I attached two debdiff files which should fulfill the requirement of a "smallest possible patch". Here I'm quoting the upstream author for a description of the patch (which is included in the quilt based packaging of 1.8 in the patch description as well): The original fix for this was swit

Bug#612035: vulnerability: rewrite arbitrary user file

2011-07-06 Thread Jonathan Wiltshire
Dear maintainer, Recently you fixed one or more security problems and as a result you closed this bug. These problems were not serious enough for a Debian Security Advisory, so they are now on my radar for fixing in the following suites through point releases: lenny (5.0.9) squeeze (6.0.2) Pleas

Bug#612035: vulnerability: rewrite arbitrary user file

2011-02-04 Thread Kees Cook
Package: feh Version: 1.10-1 Severity: grave Tags: security Justification: user security hole User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty This bug report was also filed in Ubuntu and can be found at http://launchpad.net/bugs/607328 The description, from segooon, follows: Bin