Debian Bug report logs - #375617
spread: CVE-2006-3118: insecure temporary file handling


Package: spread; Maintainer for spread is (unknown);

Reported by: Martin Pitt <mpitt@debian.org>

Date: Tue, 27 Jun 2006 07:48:21 UTC

Severity: normal

Tags: security

Fixed in version spread/3.17.3-4

Done: Michael Mende <debian@menole.net>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Michael Mende <debian@menole.net>:
Bug#375617; Package spread.


Acknowledgement sent to Martin Pitt <mpitt@debian.org>:
New Bug report received and forwarded. Copy sent to Michael Mende <debian@menole.net>.


Message #5 received at submit@bugs.debian.org:

From: Martin Pitt <mpitt@debian.org>
To: Debian BTS Submit <submit@bugs.debian.org>
Subject: spread: insecure temporary file handling
Date: Tue, 27 Jun 2006 09:41:26 +0200
[Message part 1 (text/plain, inline)]
Package: spread
Severity: normal
Tags: security

Hi,

recently, a bug about insecure temporary file handling was filed in
Ubuntu [1]. After looking into the code, it does not seem that bad at
all (removal of an already existing file which might be important, and
a small race condition for a local DoS). However, it should be cleaned
up.

  "On start, spread creates a file /tmp/PORTNUMBER where PORTNUMBER is
  4803 by default.

  If an existing file named /tmp/PORTNUMBER exists, it will be deleted
  before a socket with the same name is created."

It probably does not deserve a CVE number, but now that it has got
one, please mention it in the changelog when you fix this
(CVE-2006-3118).

Can you please pass this to upstream?

Thanks,

Martin

[1] https://launchpad.net/bugs/44171

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
[signature.asc (application/pgp-signature, inline)]
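The quoted behaviour (remove whatever sits at /tmp/PORTNUMBER, then bind a socket with that name) is the classic shared-/tmp problem: the daemon cannot tell its own stale socket from a file another local user planted, and the unlink/bind window is the race Martin mentions. The following C program is an added example, not spread's code and not the patch attached to this bug: it shows the defensive pattern of binding the listening socket inside a freshly created private directory (mkdtemp, mode 0700) and of classifying any pre-existing path with lstat() so that only a socket owned by the current user could ever be considered for removal. The function names, the base directory and the demo scenario are assumptions; the name "4803" is the default port quoted in the report.

```c
/* Added example (not spread's code): hardened Unix-socket placement
 * contrasted with the "unlink /tmp/PORTNUMBER, then bind" pattern
 * described in Debian bug #375617 / CVE-2006-3118. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Classify an existing path before deciding whether it may be removed.
 * Returns 0 if nothing exists there, 1 if it is a socket owned by the
 * calling user, -1 for anything else (regular file, symlink, directory,
 * or a socket owned by someone else). Blind unlink() is never used. */
int classify_socket_path(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0)          /* lstat: never follow a planted symlink */
        return errno == ENOENT ? 0 : -1;
    if (!S_ISSOCK(st.st_mode) || st.st_uid != getuid())
        return -1;
    return 1;
}

/* Create a private 0700 directory under `base` with mkdtemp(3) and bind a
 * listening Unix-domain socket named `name` inside it. The full socket path
 * is copied to `out`; the listening fd is returned, or -1 on failure.
 * Because the directory is fresh and private, no attacker-controlled file
 * can already occupy the socket path, so nothing is ever unlinked from a
 * world-writable directory. */
int bind_private_unix_socket(const char *base, const char *name,
                             char *out, size_t out_len) {
    char dir[256];
    struct sockaddr_un addr;
    int fd;

    if (snprintf(dir, sizeof dir, "%s/sock-XXXXXX", base) >= (int)sizeof dir)
        return -1;
    if (mkdtemp(dir) == NULL)           /* unique name, mode 0700, created atomically */
        return -1;

    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    if (snprintf(addr.sun_path, sizeof addr.sun_path, "%s/%s", dir, name)
            >= (int)sizeof addr.sun_path) {
        rmdir(dir);
        return -1;
    }
    /* Defensive check: in a fresh directory the path must not exist yet.
     * If it somehow does, refuse rather than remove it. */
    if (classify_socket_path(addr.sun_path) != 0) {
        rmdir(dir);
        return -1;
    }
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) {
        rmdir(dir);
        return -1;
    }
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0 || listen(fd, 5) != 0) {
        close(fd);
        unlink(addr.sun_path);
        rmdir(dir);
        return -1;
    }
    if (out != NULL)
        snprintf(out, out_len, "%s", addr.sun_path);
    return fd;
}

/* Constructed self-check: plant a regular file named 4803 (the kind of
 * object the old code would have deleted), confirm it is classified as
 * "do not touch", then bind the real socket in a private directory.
 * Returns 0 on success, otherwise the number of the failing step. */
int demo(void) {
    char base[] = "/tmp/spread-demo-XXXXXX";   /* constructed scratch area */
    char planted[160], sock_path[128];
    char *slash;
    FILE *f;
    int fd;

    if (mkdtemp(base) == NULL) return 1;
    snprintf(planted, sizeof planted, "%s/4803", base);
    if ((f = fopen(planted, "w")) == NULL) return 2;
    fclose(f);
    if (classify_socket_path(planted) != -1) return 3;   /* regular file: refuse */

    fd = bind_private_unix_socket(base, "4803", sock_path, sizeof sock_path);
    if (fd < 0) return 4;
    if (classify_socket_path(sock_path) != 1) return 5;  /* our own socket */

    /* Clean up everything the demo created. */
    close(fd);
    unlink(sock_path);
    if ((slash = strrchr(sock_path, '/')) != NULL) { *slash = '\0'; rmdir(sock_path); }
    unlink(planted);
    rmdir(base);
    return 0;
}

int main(void) {
    int rc = demo();
    printf("demo %s (rc=%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

In a real daemon the mkdtemp() call stands in for a dedicated, non-world-writable run directory created at install time (which is what moving the socket out of /tmp achieves); the lstat() classification is the check to apply if an old socket path ever has to be reused, and the private directory is what removes the unlink/bind race altogether.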

Changed Bug title. Request was from Alec Berryman <alec@thened.net> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Michael Mende <debian@menole.net>:
Bug#375617; Package spread.


Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Michael Mende <debian@menole.net>.


Message #12 received at 375617@bugs.debian.org:

From: Martin Schulze <joey@infodrom.org>
To: 375617@bugs.debian.org
Subject: Patch
Date: Sun, 9 Jul 2006 12:03:58 +0200
[Message part 1 (text/plain, inline)]
Attached is a patch that simply changes the pathname.

Regards,

	Joey

-- 
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.

Please always Cc to me when replying to me on the lists.
[spread-3.17.2_tmpfile.patch (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Michael Mende <debian@menole.net>:
Bug#375617; Package spread.


Acknowledgement sent to Alec Berryman <alec@thened.net>:
Extra info received and forwarded to list. Copy sent to Michael Mende <debian@menole.net>.


Message #17 received at 375617@bugs.debian.org:

From: Alec Berryman <alec@thened.net>
To: 375617@bugs.debian.org
Subject: any movement on CVE-2006-3118?
Date: Tue, 15 Aug 2006 21:29:45 -0400
[Message part 1 (text/plain, inline)]
Hi Michael, 

Just a friendly reminder that #375617 is an outstanding security issue
with spread.  There's a patch in the BTS.  It would be great to have
this fixed for etch.

Thanks,

Alec
[signature.asc (application/pgp-signature, inline)]

Reply sent to Michael Mende <debian@menole.net>:
You have taken responsibility.


Notification sent to Martin Pitt <mpitt@debian.org>:
Bug acknowledged by developer.


Message #22 received at 375617-close@bugs.debian.org:

From: Michael Mende <debian@menole.net>
To: 375617-close@bugs.debian.org
Subject: Bug#375617: fixed in spread 3.17.3-4
Date: Fri, 22 Sep 2006 09:02:24 -0700
Source: spread
Source-Version: 3.17.3-4

We believe that the bug you reported is fixed in the latest version of
spread, which is due to be installed in the Debian FTP archive:

libspread-perl_3.17.3-4_amd64.deb
  to pool/main/s/spread/libspread-perl_3.17.3-4_amd64.deb
libspread1-dev_3.17.3-4_amd64.deb
  to pool/main/s/spread/libspread1-dev_3.17.3-4_amd64.deb
libspread1_3.17.3-4_amd64.deb
  to pool/main/s/spread/libspread1_3.17.3-4_amd64.deb
spread_3.17.3-4.diff.gz
  to pool/main/s/spread/spread_3.17.3-4.diff.gz
spread_3.17.3-4.dsc
  to pool/main/s/spread/spread_3.17.3-4.dsc
spread_3.17.3-4_amd64.deb
  to pool/main/s/spread/spread_3.17.3-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 375617@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Mende <debian@menole.net> (supplier of updated spread package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 10 Sep 2006 12:13:43 +0200
Source: spread
Binary: libspread1-dev spread libspread1 libspread-perl
Architecture: source amd64
Version: 3.17.3-4
Distribution: unstable
Urgency: high
Maintainer: Michael Mende <debian@menole.net>
Changed-By: Michael Mende <debian@menole.net>
Description: 
 libspread-perl - Perl bindings for the Spread messaging service
 libspread1 - C library for the Spread messaging service
 libspread1-dev - Development files for libspread
 spread     - The Spread messaging daemon
Closes: 375617
Changes: 
 spread (3.17.3-4) unstable; urgency=high
 .
   * CVE-2006-3118: insecure temporary file handling (Closes: #375617)
   * Build depends now on dpatch
   * Update standards version to 3.7.2
Files: 
 615e82179bf9cad908afa5577d5fe3e2 702 net optional spread_3.17.3-4.dsc
 61cab5b08c07c50b292d2abce836f7b5 10141 net optional spread_3.17.3-4.diff.gz
 cdce64c483773cea3d2a592ab30e14e1 81346 libdevel optional libspread1-dev_3.17.3-4_amd64.deb
 a4a2b415c3ede3283fd1ea97e338e0d7 56000 libs optional libspread1_3.17.3-4_amd64.deb
 91aa02793a98984fcf7da2abf31b1e9b 31792 perl optional libspread-perl_3.17.3-4_amd64.deb
 79e3fdfe67441882cf911e4e010463f3 201812 net optional spread_3.17.3-4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFFAWE6n7So0GVSSARAuF1AJ4yA+cZlB6qSuIZ88UEBfo35xNaeQCfddO5
WtRSTTNP+ZZtNz2SGenAifs=
=JzTN
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 18:18:28 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Mar 11 04:08:35 2021; Machine Name: buxtehude
