Bugzilla – Attachment 36211 Details for
Bug 81521
VUL-0: CVE-2005-1152: file-races in qpopper
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
[patch]
patch for CAN2005-1152
patch.CAN-2005-1152.qpopper (text/plain), 1.01 KB, created by
Sebastian Krahmer
on 2005-05-02 08:22:10 UTC
(
hide
)
Description:
patch for CAN2005-1152
Filename:
MIME Type:
Creator:
Sebastian Krahmer
Created:
2005-05-02 08:22:10 UTC
Size:
1.01 KB
patch
obsolete
>diff -u qpopper-4.0.4/debian/changelog qpopper-4.0.4/debian/changelog >--- qpopper-4.0.4/debian/changelog >+++ qpopper-4.0.4/debian/changelog >@@ -1,3 +1,15 @@ >+qpopper (4.0.4-2.woody.5) stable-security; urgency=high >+ >+ * Non-maintainer upload by the Security Team >+ * Applied upstream patch to ensure that no group- or world-readable >+ files are created [popper/popauth.c, CAN-2005-1152] >+ >+ -- Martin Schulze <joey@infodrom.org> Wed, 20 Apr 2005 20:27:57 +0200 >+ > qpopper (4.0.4-2.woody.4) stable-security; urgency=medium > > * Non-maintainer upload by the Security Team >only in patch2: >unchanged: >--- qpopper-4.0.4.orig/popper/popauth.c >+++ qpopper-4.0.4/popper/popauth.c >@@ -669,6 +695,7 @@ > > memset ( &pop_pw, 0, sizeof(pop_pw) ); > memset ( &my_pw, 0, sizeof(my_pw) ); >+ umask ( 0077 ); /* make sure we don't create group- or world-writable files */ > srandom ( (unsigned int) time ( (TIME_T *) 0) ); /* seed random with the > current time */ >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=36211">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 81521
:
36210
| 36211 |
36216
|
36217