Bug#308783: libxpm4: problems with s_popen (CAN-2004-0914)

To: 308783-submitter@bugs.debian.org, control@bugs.debian.org
Subject: Bug#308783: libxpm4: problems with s_popen (CAN-2004-0914)
From: Branden Robinson <branden@debian.org>
Date: Sat, 14 May 2005 16:20:47 -0500
Message-id: <[🔎] 20050514212047.GF29020@redwald.deadbeast.net>
Reply-to: Branden Robinson <branden@debian.org>, 308783-quiet@bugs.debian.org

# This doesn't actually have much to do with CAN-2004-0914.
retitle 308783 libxpm4: new s_popen() function is insecure garbage
# X.Org X11R6.8.2 has code that fixes this.
tag 30783 fixed-upstream
# David Nusinow is working on this.
owne 308783 David Nusinow <dnusinow@debian.org>
# XFree86 4.1.0 in woody, which ships the Xpm library in a different
# package, has this flaw as well.
clone 308783 -1
retitle -1 xlibs: libxpm4's new s_popen() function is insecure garbage
reassign -1 xlibs
tag -1 woody
thanks

Matej,

If there is a security problem here, and I suppose there is given the
failure of s_open() to properly scrutinize its arguments as you indicate,
then please contact MITRE and ask for a CAN number, and/or ask
freedesktop.org to do so.

-- 
G. Branden Robinson                |       If atheism is a religion, then
Debian GNU/Linux                   |       health is a disease.
branden@debian.org                 |       -- Clark Adams
http://people.debian.org/~branden/ |

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Processed: Re: Bug#308783: libxpm4: problems with s_popen (CAN-2004-0914)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Re: Bug#308783: libxpm4: problems with s_popen (CAN-2004-0914)
Next by Date: Processed: tagging 308783, tagging 309143
Previous by thread: Bug#308783: libxpm4: problems with s_popen (CAN-2004-0914)
Next by thread: Processed: Re: Bug#308783: libxpm4: problems with s_popen (CAN-2004-0914)
Index(es):
- Date
- Thread