Hello release managers, crip has an insecure temporary-file vulnerability (CVE-2008-5376, Debian bug #509275), so please let the fixed package into testing. For stable-proposed-updates, a debdiff is attached. Thanks! Ryan -- _________________________ Ryan Niebur ryanryan52@gmail.com
diff -u crip-3.7/debian/changelog crip-3.7/debian/changelog --- crip-3.7/debian/changelog +++ crip-3.7/debian/changelog @@ -1,3 +1,9 @@ +crip (3.7-3+etch1) stable-proposed-updates; urgency=low + + * fix CVE-2008-5376 (Closes: #509275) + + -- Ryan Niebur <ryanryan52@gmail.com> Sat, 20 Dec 2008 11:21:23 -0800 + crip (3.7-3) unstable; urgency=low * wrote a patch which prevents overwriting of files (Closes: #353318). diff -u crip-3.7/debian/patches/00list crip-3.7/debian/patches/00list --- crip-3.7/debian/patches/00list +++ crip-3.7/debian/patches/00list @@ -3,0 +4 @@ +50security-fixes.dpatch only in patch2: unchanged: --- crip-3.7.orig/debian/patches/50security-fixes.dpatch +++ crip-3.7/debian/patches/50security-fixes.dpatch 
@@ -0,0 +1,84 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## security-fixes.dpatch by Ryan Niebur <ryanryan52@gmail.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: CVE-2008-5376: insecure temp file handling
+
+@DPATCH@
+diff -urNad crip~/crip crip/crip
+--- crip~/crip 2008-12-20 11:05:16.000000000 -0800
++++ crip/crip 2008-12-20 11:05:17.000000000 -0800
+@@ -187,7 +187,8 @@
+ $cddbsubmitaddr = "freedb-submit\@freedb.org";
+ # Directory to write the cddb submit entry file (need to have write
+ # permissions to this directory).
+-$cddbsubmitdir = "/tmp";
++use File::Temp;
++$cddbsubmitdir = File::Temp::tempdir(CLEANUP => 1);
+ # The following is the charset for the freedb-submit e-mail:
+ $charset = "iso-8859-1";
+ 
+diff -urNad crip~/criprc_example crip/criprc_example
+--- crip~/criprc_example 2008-12-20 11:05:14.000000000 -0800
++++ crip/criprc_example 2008-12-20 11:05:17.000000000 -0800
+@@ -163,7 +163,7 @@
+ 
+ # Directory to write the cddb submit entry file (need to have write
+ # permissions to this directory).
+-cddbsubmitdir = /tmp
++# cddbsubmitdir = /home/user/tmp/
+ 
+ # The following is the charset for the freedb-submit e-mail:
+ charset = iso-8859-1
+diff -urNad crip~/editcomment crip/editcomment
+--- crip~/editcomment 2008-12-20 11:05:16.000000000 -0800
++++ crip/editcomment 2008-12-20 11:05:17.000000000 -0800
+@@ -16,8 +16,11 @@
+ die "File \"$file\" does not have the .ogg extension.\n";
+ }
+ 
++use File::Temp;
++$tempdir = File::Temp::tempdir(CLEANUP => 1);;
++
+ if (-e "$file.tag.tmp") {
+- die "WTF is \"$file.tag.tmp\" already doing in /tmp ?!\n";
++ die "WTF is \"$file.tag.tmp\" already doing in $tempdir?!\n";
+ }
+ 
+ # Escape certain characters from $file
+@@ -28,16 +31,16 @@
+ $file =~ s/'/\\'/g; $file =~ s/`/\\`/g;
+ $file =~ s/\"/\\\"/g; $file =~ s/ /\\ /g;
+ 
+-system "vorbiscomment -l $file > /tmp/$file.tag.tmp";
++system "vorbiscomment -l $file > $tempdir/$file.tag.tmp";
+ 
+-system "$editor /tmp/$file.tag.tmp";
++system "$editor $tempdir/$file.tag.tmp";
+ 
+ print "Writing new tag info...\n";
+-system "vorbiscomment -w -c /tmp/$file.tag.tmp $file";
++system "vorbiscomment -w -c $tempdir/$file.tag.tmp $file";
+ print "Done.\n";
+ 
+-print "Deleting temporary file /tmp/$file.tag.tmp\n";
+-system "rm /tmp/$file.tag.tmp";
++print "Deleting temporary file $tempdir/$file.tag.tmp\n";
++system "rm $tempdir/$file.tag.tmp";
+ 
+ print "\nTag info now reads:\n";
+ system "vorbiscomment -l $file";
+diff -urNad crip~/editfilenames crip/editfilenames
+--- crip~/editfilenames 2008-12-20 11:05:16.000000000 -0800
++++ crip/editfilenames 2008-12-20 11:06:08.000000000 -0800
+@@ -7,7 +7,9 @@
+ $editor = "sensible-editor";
+ 
+ # Temporary filename
+-$tmpfile = "/tmp/filelist.txt";
++use File::Temp;
++$tempdir = File::Temp::tempdir(CLEANUP => 1);;
++$tmpfile = "$tempdir/filelist.txt";
+ 
+ # Substitute spaces with an underscore (on/off - default="on")
+ $subsp = "on";
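Review bot: In the editcomment part of this hunk the new die message claims the file is already in `$tempdir`, but the test on the preceding context line still checks `"$file.tag.tmp"` relative to the current directory, so the message and the check disagree; the check should read `if (-e "$tempdir/$file.tag.tmp") {` (with a freshly created private directory it can only fire on a self-collision, so dropping the check entirely is also defensible). The two `tempdir(CLEANUP => 1);;` lines in editcomment and editfilenames carry a stray empty statement; `$tempdir = File::Temp::tempdir(CLEANUP => 1);` is enough. Note that `CLEANUP => 1` removes the directory at interpreter exit, so with the new `$cddbsubmitdir` default in crip the cddb submit entry file will not survive the run unless the user sets `cddbsubmitdir` in criprc; whether that file is meant to persist is not visible here, but the commented-out criprc_example entry should say so, e.g. `# cddbsubmitdir = /home/user/tmp/   (set this if the submit file must outlive the crip run)`. The temp path is still built by interpolating the shell-escaped `$file` into `system "..."`; the escapes visible here cover quotes, backtick and space only, and editcomment lines 24-27, which may escape more, lie outside the hunk.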