Bug#1036976: bullseye-pu: package grunt/1.3.0-1+deb11u2

To: Yadd <yadd@debian.org>, 1036976@bugs.debian.org
Subject: Bug#1036976: bullseye-pu: package grunt/1.3.0-1+deb11u2
From: Jonathan Wiltshire <jmw@debian.org>
Date: Tue, 25 Jul 2023 21:38:36 +0100
Message-id: <[🔎] ZMAyzJqSGx6ojlfk@powdarrmonkey.net>
Reply-to: Jonathan Wiltshire <jmw@debian.org>, 1036976@bugs.debian.org
In-reply-to: <168553098913.208712.10267899024956305734.reportbug@debian117>
References: <168553098913.208712.10267899024956305734.reportbug@debian117> <168553098913.208712.10267899024956305734.reportbug@debian117>

Control: tag -1 confirmed

On Wed, May 31, 2023 at 03:03:09PM +0400, Yadd wrote:
> [ Reason ]
> file.copy operations in GruntJS are vulnerable to a TOCTOU race condition
> leading to arbitrary file write in GitHub repository gruntjs/grunt prior to
> 1.5.3. This vulnerability is capable of arbitrary file writes which can lead
> to local privilege escalation to the GruntJS user if a lower-privileged user
> has write access to both source and destination directories as the
> lower-privileged user can create a symlink to the GruntJS user's .bashrc
> file or replace /etc/shadow file if the GruntJS user is root.


Please go ahead.

Thanks,


-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Reply to:

Prev by Date: Processed: Re: Bug#1036976: bullseye-pu: package grunt/1.3.0-1+deb11u2
Next by Date: Bug#1007950: bullseye-pu: package tinyssh/20190101-1
Previous by thread: Bug#1038943: bullseye-pu: package lapack/3.9.0-3+deb11u1
Next by thread: Processed: Re: Bug#1036976: bullseye-pu: package grunt/1.3.0-1+deb11u2
Index(es):
- Date
- Thread