Acknowledgement sent to Colin Phipps <cph@cph.demon.co.uk>:
New Bug report received and forwarded. Copy sent to Pawel Wiecek <coven@debian.org>, catdoc@packages.qa.debian.org.
(full text, mbox, link).
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: catdoc: xlsview insecure /tmp use
Date: Wed, 5 Mar 2003 14:32:26 +0000
Package: catdoc
Version: 0.91.5-1
Severity: normal
File: /usr/bin/xlsview
Tags: patch security
xlsview writes its output to a temporary file in /tmp. This file has a
predictable name and is opened without ensuring that it does not already
exist. This leaves xlsview open to possible symlink attacks.
The following patch uses tempfile(1) to choose a temporary filename and
create the file, ensuring that it is created safely.
--- msxlsview.sh 2003-03-05 14:09:15.000000000 +0000
+++ msxlsview.sh.new 2003-03-05 14:15:32.000000000 +0000
@@ -1,6 +1,6 @@
#!/bin/sh
-file=/tmp/word$$.html
+file=$(tempfile --prefix=xlsview --suffix=.html)
cat << EOT >$file
<HTML>
-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux nausea 2.4.20 #1 Wed Dec 4 10:19:30 GMT 2002 i686
Locale: LANG=en_GB, LC_CTYPE=en_GB
Versions of packages catdoc depends on:
ii libc6 2.2.5-14.3 GNU C Library: Shared libraries an
Information forwarded to debian-bugs-dist@lists.debian.org, Pawel Wiecek <coven@debian.org>, catdoc@packages.qa.debian.org: Bug#183525; Package catdoc.
(full text, mbox, link).
Acknowledgement sent to Drew Scott Daniels <umdanie8@cc.UManitoba.CA>:
Extra info received and forwarded to list. Copy sent to Pawel Wiecek <coven@debian.org>, catdoc@packages.qa.debian.org.
(full text, mbox, link).
From: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>
To: 183525@bugs.debian.org, <control@bugs.debian.org>
Subject: Security team & tags
Date: Sat, 5 Apr 2003 10:26:09 -0600 (CST)
severity 183525 grave
tags 183525 +woody
thanks
Has team@security.debian.org been contacted regarding this bug?
I'm setting this bug to grave as this seems to be a real security issue.
I've set the woody tag so that this bug might get more attention. Sarge
and sid should also be effected as they are all the same version and so
the sarge and sid tags should likely be set later.
I don't see this package in potato, but I'm not sure if my methods of
looking are correct.
Drew Daniels
Severity set to `grave'.
Request was from Drew Scott Daniels <umdanie8@cc.UManitoba.CA>
to control@bugs.debian.org.
(full text, mbox, link).
Tags added: woody
Request was from Drew Scott Daniels <umdanie8@cc.UManitoba.CA>
to control@bugs.debian.org.
(full text, mbox, link).
Reply sent to Pawel Wiecek <coven@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Colin Phipps <cph@cph.demon.co.uk>:
Bug acknowledged by developer.
(full text, mbox, link).
We believe that the bug you reported is fixed in the latest version of
catdoc, which is due to be installed in the Debian FTP archive:
catdoc_0.91.5-2.diff.gz
to pool/main/c/catdoc/catdoc_0.91.5-2.diff.gz
catdoc_0.91.5-2.dsc
to pool/main/c/catdoc/catdoc_0.91.5-2.dsc
catdoc_0.91.5-2_i386.deb
to pool/main/c/catdoc/catdoc_0.91.5-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 183525@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pawel Wiecek <coven@debian.org> (supplier of updated catdoc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 23 Apr 2003 15:46:19 +0200
Source: catdoc
Binary: catdoc
Architecture: source i386
Version: 0.91.5-2
Distribution: unstable
Urgency: high
Maintainer: Pawel Wiecek <coven@debian.org>
Changed-By: Pawel Wiecek <coven@debian.org>
Description:
catdoc - MS-Word to TeX or plain text converter
Closes: 183525
Changes:
catdoc (0.91.5-2) unstable; urgency=high
.
* Fixed insecure /tmp use (closes: #183525)
Files:
7285b82d6d3909a28a7dcf1cb379bd79 556 text optional catdoc_0.91.5-2.dsc
33908e7278323795d1e4d4d8aeac9c10 14025 text optional catdoc_0.91.5-2.diff.gz
6ccf74b56c1cc9f5cda069b5ba80020d 67044 text optional catdoc_0.91.5-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+ppq4BOdjEO/Bh3ARAladAJ4kd0bJqohAD8jyOGB4dKxifAgeRQCfad9h
0tZtVq1mC8IOTNjGwZMNaH8=
=yi3K
-----END PGP SIGNATURE-----
Subject: Bug#183525: fixed in catdoc 0.91.5-1.99woody.1
Date: Thu, 24 Apr 2003 14:47:11 -0400
We believe that the bug you reported is fixed in the latest version of
catdoc, which is due to be installed in the Debian FTP archive:
catdoc_0.91.5-1.99woody.1.diff.gz
to pool/main/c/catdoc/catdoc_0.91.5-1.99woody.1.diff.gz
catdoc_0.91.5-1.99woody.1.dsc
to pool/main/c/catdoc/catdoc_0.91.5-1.99woody.1.dsc
catdoc_0.91.5-1.99woody.1_i386.deb
to pool/main/c/catdoc/catdoc_0.91.5-1.99woody.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 183525@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pawel Wiecek <coven@debian.org> (supplier of updated catdoc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 23 Apr 2003 15:46:19 +0200
Source: catdoc
Binary: catdoc
Architecture: source i386
Version: 0.91.5-1.99woody.1
Distribution: stable
Urgency: high
Maintainer: Pawel Wiecek <coven@debian.org>
Changed-By: Pawel Wiecek <coven@debian.org>
Description:
catdoc - MS-Word to TeX or plain text converter
Closes: 183525
Changes:
catdoc (0.91.5-1.99woody.1) stable; urgency=high
.
* Fixed insecure /tmp use (closes: #183525)
* Fix backported from 0.91.5-2 because it fixes a security problem.
Files:
3d57ff457da2bfa16597c2372f36c9e9 619 text optional catdoc_0.91.5-1.99woody.1.dsc
2bd0981c9ec8c69e268965ecdcbd3b9d 14065 text optional catdoc_0.91.5-1.99woody.1.diff.gz
25d4d6e030599202bad8ceb443db01bd 66672 text optional catdoc_0.91.5-1.99woody.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+pqh5BOdjEO/Bh3ARAj7sAJ42eAfxMJBcwsbIC6e5vORt2/9trQCfWbSN
wRaPHpubUmpP/qSfOlxjlWU=
=K1n+
-----END PGP SIGNATURE-----
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.