Bug#348322: marked as done (ee: [CVE-2006-0055] insecure temporary files)

To: Matej Vela <vela@debian.org>
Subject: Bug#348322: marked as done (ee: [CVE-2006-0055] insecure temporary files)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 28 Oct 2006 03:49:13 -0700
Message-id: <[🔎] handler.348322.D348322.11620321393997.ackdone@bugs.debian.org>
References: <87d58c203j.fsf@debian.org> <20060116102235.GC6695@piware.de>

Your message dated Sat, 28 Oct 2006 12:42:08 +0200
with message-id <87d58c203j.fsf@debian.org>
and subject line ee: CVE-2006-0055 not applicable to Debian
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: Debian BTS Submit <submit@bugs.debian.org>

Subject: ee: [CVE-2006-0055] insecure temporary files

From: Martin Pitt <mpitt@debian.org>

Date: Mon, 16 Jan 2006 11:22:35 +0100

Message-id: <20060116102235.GC6695@piware.de>
Package: ee
Version: 1:1.4.2-5
Severity: important
Tags: security

Hi!

FreeBSD recently released a security advisory for ee, it creates
temporary files insecurely in the ispell_op() function. This does not
sound BSD specific, so it seems that Debian needs an update as well.

Please mention the CVE number in the changelog when you fix this.

Thank you!

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
Attachment: signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

To: 348322-done@bugs.debian.org

Subject: Re: ee: CVE-2006-0055 not applicable to Debian

From: Matej Vela <vela@debian.org>

Date: Sat, 28 Oct 2006 12:42:08 +0200

Message-id: <87d58c203j.fsf@debian.org>

In-reply-to: <20060514131724.28427.19846.reportbug@tatsu> (Alec Berryman's message of "Sun, 14 May 2006 14:17:24 +0100")

References: <20060514131724.28427.19846.reportbug@tatsu>
Alec Berryman <alec@thened.net> writes:

> This bug may be closed because it was fixed in 1.4.2-5; see #117310.

Confirmed:

> ee (1:1.4.2-5) unstable; urgency=low
>
>   * Use mkstemp() to create temporary ispell file (closes: #117310)
>   * Fix 8-bit character flaw (closes:#117298)
>
>  -- Steve Greenland <stevegr@debian.org>  Sun,  1 Jun 2003 15:47:47 -0500

Thanks,

Matej
--- End Message ---

Reply to:

Prev by Date: Bug#306442: marked as done (ttf-indic-fonts: vflib3.defoma script complains about an illegal argument)
Next by Date: Bug#102006: date cheryl desmarais
Previous by thread: Bug#306442: marked as done (ttf-indic-fonts: vflib3.defoma script complains about an illegal argument)
Next by thread: Bug#102006: date cheryl desmarais
Index(es):
- Date
- Thread