Hello release managers,

Crip has an insecure temp file security problem (CVE-2008-5376, Debian Bug #509275), so please let it into testing. Wrt stable-proposed-updates, attached is a debdiff.

Thanks!
Ryan

--
_________________________
Ryan Niebur
ryanryan52@gmail.com
diff -u crip-3.7/debian/changelog crip-3.7/debian/changelog
--- crip-3.7/debian/changelog
+++ crip-3.7/debian/changelog
@@ -1,3 +1,9 @@
+crip (3.7-3+etch1) stable-proposed-updates; urgency=low
+
+ * fix CVE-2008-5376 (Closes: #509275)
+
+ -- Ryan Niebur <ryanryan52@gmail.com> Sat, 20 Dec 2008 11:21:23 -0800
+
crip (3.7-3) unstable; urgency=low
* wrote a patch which prevents overwriting of files (Closes: #353318).
diff -u crip-3.7/debian/patches/00list crip-3.7/debian/patches/00list
--- crip-3.7/debian/patches/00list
+++ crip-3.7/debian/patches/00list
@@ -3,0 +4 @@
+50security-fixes.dpatch
only in patch2:
unchanged:
--- crip-3.7.orig/debian/patches/50security-fixes.dpatch
+++ crip-3.7/debian/patches/50security-fixes.dpatch
@@ -0,0 +1,84 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## security-fixes.dpatch by Ryan Niebur <ryanryan52@gmail.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: CVE-2008-5376: insecure temp file handling
+
+@DPATCH@
+diff -urNad crip~/crip crip/crip
+--- crip~/crip 2008-12-20 11:05:16.000000000 -0800
++++ crip/crip 2008-12-20 11:05:17.000000000 -0800
+@@ -187,7 +187,8 @@
+ $cddbsubmitaddr = "freedb-submit\@freedb.org";
+ # Directory to write the cddb submit entry file (need to have write
+ # permissions to this directory).
+-$cddbsubmitdir = "/tmp";
++use File::Temp;
++$cddbsubmitdir = File::Temp::tempdir(CLEANUP => 1);
+ # The following is the charset for the freedb-submit e-mail:
+ $charset = "iso-8859-1";
+
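Review bot: `File::Temp::tempdir(CLEANUP => 1)` as the $cddbsubmitdir default deletes the directory, and the cddb submit entry file inside it, when crip exits, so anyone who used to pick that file up from /tmp after a run will no longer find it; confirm the submit file is mailed or copied before exit, or document the change. Placing `use File::Temp;` between two configuration defaults also reads oddly; move it to the top of the script (it is a compile-time statement either way, so behaviour is unchanged).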
+diff -urNad crip~/criprc_example crip/criprc_example
+--- crip~/criprc_example 2008-12-20 11:05:14.000000000 -0800
++++ crip/criprc_example 2008-12-20 11:05:17.000000000 -0800
+@@ -163,7 +163,7 @@
+
+ # Directory to write the cddb submit entry file (need to have write
+ # permissions to this directory).
+-cddbsubmitdir = /tmp
++# cddbsubmitdir = /home/user/tmp/
+
+ # The following is the charset for the freedb-submit e-mail:
+ charset = iso-8859-1
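Review bot: the comment above the now commented-out `# cddbsubmitdir = /home/user/tmp/` still says only that the directory needs write permission; it should state that the default is now a private per-run directory created by File::Temp, and that pointing this setting at a shared, world-writable directory such as /tmp reintroduces exactly the problem this update fixes. A per-user directory like the example is only safe if it is not writable by other users.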
+diff -urNad crip~/editcomment crip/editcomment
+--- crip~/editcomment 2008-12-20 11:05:16.000000000 -0800
++++ crip/editcomment 2008-12-20 11:05:17.000000000 -0800
+@@ -16,8 +16,11 @@
+ die "File \"$file\" does not have the .ogg extension.\n";
+ }
+
++use File::Temp;
++$tempdir = File::Temp::tempdir(CLEANUP => 1);;
++
+ if (-e "$file.tag.tmp") {
+- die "WTF is \"$file.tag.tmp\" already doing in /tmp ?!\n";
++ die "WTF is \"$file.tag.tmp\" already doing in $tempdir?!\n";
+ }
+
+ # Escape certain characters from $file
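Review bot: the `-e "$file.tag.tmp"` test just below the new $tempdir assignment still checks the current working directory, while its die message now claims the file is in $tempdir; the check and the message disagree. Since $tempdir is freshly created and private to this run, the check can no longer trigger meaningfully, so either drop it or test "$tempdir/$file.tag.tmp". Also, `File::Temp::tempdir(CLEANUP => 1);;` has a stray second semicolon.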
+@@ -28,16 +31,16 @@
+ $file =~ s/'/\\'/g; $file =~ s/`/\\`/g;
+ $file =~ s/\"/\\\"/g; $file =~ s/ /\\ /g;
+
+-system "vorbiscomment -l $file > /tmp/$file.tag.tmp";
++system "vorbiscomment -l $file > $tempdir/$file.tag.tmp";
+
+-system "$editor /tmp/$file.tag.tmp";
++system "$editor $tempdir/$file.tag.tmp";
+
+ print "Writing new tag info...\n";
+-system "vorbiscomment -w -c /tmp/$file.tag.tmp $file";
++system "vorbiscomment -w -c $tempdir/$file.tag.tmp $file";
+ print "Done.\n";
+
+-print "Deleting temporary file /tmp/$file.tag.tmp\n";
+-system "rm /tmp/$file.tag.tmp";
++print "Deleting temporary file $tempdir/$file.tag.tmp\n";
++system "rm $tempdir/$file.tag.tmp";
+
+ print "\nTag info now reads:\n";
+ system "vorbiscomment -l $file";
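Review bot: $tempdir is interpolated unquoted into every system string in this hunk (`vorbiscomment -l $file > $tempdir/$file.tag.tmp` and the three commands that follow), and tempdir() honours $TMPDIR, so a TMPDIR containing spaces or shell metacharacters breaks these commands; apply the same escaping to $tempdir that the lines above apply to $file, or quote it. The explicit `rm $tempdir/$file.tag.tmp` and its "Deleting temporary file" message are also redundant now that CLEANUP => 1 removes the whole directory at exit.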
+diff -urNad crip~/editfilenames crip/editfilenames
+--- crip~/editfilenames 2008-12-20 11:05:16.000000000 -0800
++++ crip/editfilenames 2008-12-20 11:06:08.000000000 -0800
+@@ -7,7 +7,9 @@
+ $editor = "sensible-editor";
+
+ # Temporary filename
+-$tmpfile = "/tmp/filelist.txt";
++use File::Temp;
++$tempdir = File::Temp::tempdir(CLEANUP => 1);;
++$tmpfile = "$tempdir/filelist.txt";
+
+ # Substitute spaces with an underscore (on/off - default="on")
+ $subsp = "on";
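Review bot: `File::Temp::tempdir(CLEANUP => 1);;` has a stray second semicolon, as in editcomment. The fixed name in `$tmpfile = "$tempdir/filelist.txt"` is fine against symlink races because the directory is created per run with mode 0700, but CLEANUP => 1 only runs in Perl's END phase, so a run killed with SIGKILL leaves the directory behind under $TMPDIR; acceptable, but worth knowing if users report stray directories.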
Attachment:
signature.asc
Description: Digital signature