Bug#875415: marked as done (predictable /tmp file vulnerability while building libreoffice)

To: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Subject: Bug#875415: marked as done (predictable /tmp file vulnerability while building libreoffice)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Wed, 17 Apr 2024 12:00:39 +0000
Message-id: <[🔎] handler.875415.D875415.17133548431290359.ackdone@bugs.debian.org>
Reply-to: 875415@bugs.debian.org
References: <[🔎] E1rx3rG-00E477-S5@fasolo.debian.org> <20170911085538.nwdatxxnshefnnvy@alf.mars>

Your message dated Wed, 17 Apr 2024 11:53:46 +0000
with message-id <[🔎] E1rx3rG-00E477-S5@fasolo.debian.org>
and subject line Bug#1069123: Removed package(s) from experimental
has caused the Debian Bug report #875415,
regarding predictable /tmp file vulnerability while building libreoffice
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
875415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875415
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: predictable /tmp file vulnerability while building libreoffice
From: Helmut Grohne <helmut@subdivi.de>
Date: Mon, 11 Sep 2017 10:55:39 +0200
Message-id: <20170911085538.nwdatxxnshefnnvy@alf.mars>

Source: libreoffice
Version: 1:5.4.0-1
Severity: important
Tags: security upstream

Looking at a sample build log
(https://buildd.debian.org/status/fetch.php?pkg=libreoffice&arch=m68k&ver=1%3A5.4.1-1&stamp=1504466495&raw=0)
one can see:

| ... analyzing package list ...
| ... creating log file /tmp/LibreOffice//logging/en-US/log_540_en-US.log
| ... creating installation set in /tmp/LibreOffice//install/LibreOffice_5.4.1.2.0_Linux ...
| ... removing old installation directories ...

What looks like a predictable /tmp path turns out to be one:

https://lists.freedesktop.org/archives/libreoffice/2017-August/078249.html

Another local user may use this vulnerability to gain privileges of a
user who is building libreoffice from source. I did not request a CVE
for this issue.

Helmut

--- End Message ---

--- Begin Message ---

To: 640462-done@bugs.debian.org,661818-done@bugs.debian.org,669064-done@bugs.debian.org,708533-done@bugs.debian.org,729936-done@bugs.debian.org,754333-done@bugs.debian.org,772097-done@bugs.debian.org,776950-done@bugs.debian.org,804174-done@bugs.debian.org,808754-done@bugs.debian.org,819577-done@bugs.debian.org,820350-done@bugs.debian.org,821401-done@bugs.debian.org,825650-done@bugs.debian.org,827459-done@bugs.debian.org,827535-done@bugs.debian.org,827911-done@bugs.debian.org,829379-done@bugs.debian.org,834947-done@bugs.debian.org,836935-done@bugs.debian.org,838262-done@bugs.debian.org,852326-done@bugs.debian.org,854623-done@bugs.debian.org,857441-done@bugs.debian.org,867591-done@bugs.debian.org,870278-done@bugs.debian.org,870291-done@bugs.debian.org,870296-done@bugs.debian.org,870366-done@bugs.debian.org,870368-done@bugs.debian.org,870374-done@bugs.debian.org,870385-done@bugs.debian.org,870386-done@bugs.debian.org,870389-done@bugs.debian.org,870391-done@bugs.debian.org,870392-done@bu gs.debian.org,870394-done@bugs.debian.org,870610-done@bugs.debian.org,870613-done@bugs.debian.org,870745-done@bugs.debian.org,871394-done@bugs.debian.org,871399-done@bugs.debian.org,872811-done@bugs.debian.org,874195-done@bugs.debian.org,875415-done@bugs.debian.org,878054-done@bugs.debian.org,881531-done@bugs.debian.org,882882-done@bugs.debian.org,883734-done@bugs.debian.org,885098-done@bugs.debian.org,886548-done@bugs.debian.org,886999-done@bugs.debian.org,890518-done@bugs.debian.org,890638-done@bugs.debian.org,892136-done@bugs.debian.org,893961-done@bugs.debian.org,895427-done@bugs.debian.org,896967-done@bugs.debian.org,898959-done@bugs.debian.org,899013-done@bugs.debian.org,910785-done@bugs.debian.org,911859-done@bugs.debian.org,911897-done@bugs.debian.org,911962-done@bugs.debian.org,917242-done@bugs.debian.org,921387-done@bugs.debian.org,922925-done@bugs.debian.org,927426-done@bugs.debian.org,928953-done@bugs.debian.org,929942-done@bugs.debian.org,933271-done@bugs.debian.org,935 182-done@bugs.debian.org,941743-done@bugs.debian.org,942052-done@bugs.debian.org,944354-done@bugs.debian.org,946545-done@bugs.debian.org,946592-done@bugs.debian.org,947612-done@bugs.debian.org,951111-done@bugs.debian.org,956586-done@bugs.debian.org,959399-done@bugs.debian.org,964945-done@bugs.debian.org,965236-done@bugs.debian.org,968698-done@bugs.debian.org,969299-done@bugs.debian.org,969977-done@bugs.debian.org,971874-done@bugs.debian.org,974220-done@bugs.debian.org,974650-done@bugs.debian.org,975068-done@bugs.debian.org,977463-done@bugs.debian.org,977857-done@bugs.debian.org,977977-done@bugs.debian.org,983945-done@bugs.debian.org,986981-done@bugs.debian.org,987626-done@bugs.debian.org,993206-done@bugs.debian.org,997089-done@bugs.debian.org,1000842-done@bugs.debian.org,1001066-done@bugs.debian.org,1003974-done@bugs.debian.org,1006792-done@bugs.debian.org,1006950-done@bugs.debian.org,1007006-done@bugs.debian.org,1007110-done@bugs.debian.org,1011454-done@bugs.debian.org,1015791-done @bugs.debian.org,1015827-done@bugs.debian.org,1018991-done@bugs.debian.org,1018993-done@bugs.debian.org,1019108-done@bugs.debian.org,1019116-done@bugs.debian.org,1019862-done@bugs.debian.org,1025748-done@bugs.debian.org,1030019-done@bugs.debian.org,1036366-done@bugs.debian.org,1036805-done@bugs.debian.org,1036807-done@bugs.debian.org,1041490-done@bugs.debian.org,1051474-done@bugs.debian.org,1052047-done@bugs.debian.org,1053670-done@bugs.debian.org,1055048-done@bugs.debian.org,1056104-done@bugs.debian.org,1060255-done@bugs.debian.org,1061252-done@bugs.debian.org,1061253-done@bugs.debian.org,1064494-done@bugs.debian.org,1065448-done@bugs.debian.org,1068023-done@bugs.debian.org,1068479-done@bugs.debian.org,1068595-done@bugs.debian.org,

Cc: libreoffice@packages.debian.org

Subject: Bug#1069123: Removed package(s) from experimental

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Date: Wed, 17 Apr 2024 11:53:46 +0000

Message-id: <[🔎] E1rx3rG-00E477-S5@fasolo.debian.org>
Version: 4:24.2.3~rc1-1+rm

Dear submitter,

as the package libreoffice has just been removed from the Debian archive
experimental we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1069123

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---

Reply to:

References:
- Bug#1069123: Removed package(s) from experimental
  - From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Prev by Date: Bug#871394: marked as done (libreoffice-writer: A section in writer document is not visible to AT-SPI)
Next by Date: Bug#871399: marked as done (libreoffice-impress: Textboxes content no longer read by screen reader)
Previous by thread: Bug#871394: marked as done (libreoffice-writer: A section in writer document is not visible to AT-SPI)
Next by thread: Bug#871399: marked as done (libreoffice-impress: Textboxes content no longer read by screen reader)
Index(es):
- Date
- Thread