Bug#279680: libc6: CAN-2004-0968 not fixed in woody
Package: libc6
Version: 2.2.5-11.5
Severity: grave
Tags: woody, security
Justification: user security hole
I notice the Ubuntu Security USN-4-1 and did not find CAN-2004-0968 in
the "Non-Vulnerable" list. I looked at catchsegv as an example and
code like
segv_output=`basename "$prog"`.segv.$$
does not look secure to me.
http://lwn.net/Alerts/108824/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-00968
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US
Reply to: