Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Free Ekanayaka <free@agnula.org>: Bug#476321; Package cecilia.
(full text, mbox, link).
Acknowledgement sent to Felipe Sateler <fsateler@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Free Ekanayaka <free@agnula.org>.
(full text, mbox, link).
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cecilia: Unsafe temp file
Date: Tue, 15 Apr 2008 16:53:44 -0400
Package: cecilia
Version: 2.0.5-2
Severity: grave
Tags: security
Justification: user security hole
lib/prefs.tcl does, at line 185:
catch {exec $csound >& /tmp/csvers}
set f [open /tmp/csvers r]
A malicious user could create /tmp/csvers as a symlink to another file,
and when cecilia is started, that data would get destroyed.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cecilia depends on:
ii csound 1:5.08.0.dfsg2-1 powerful and versatile sound synth
ii tk8.4 8.4.18-1 Tk toolkit for Tcl and X11, v8.4 -
cecilia recommends no packages.
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Free Ekanayaka <free@agnula.org>: Bug#476321; Package cecilia.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Free Ekanayaka <free@agnula.org>.
(full text, mbox, link).
Hi Felipe,
* Felipe Sateler <fsateler@gmail.com> [2008-04-15 23:01]:
[...]
> lib/prefs.tcl does, at line 185:
> catch {exec $csound >& /tmp/csvers}
> set f [open /tmp/csvers r]
Confirmed, requested CVE id.
Thanks!
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded to debian-bugs-dist@lists.debian.org, Free Ekanayaka <free@agnula.org>: Bug#476321; Package cecilia.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Free Ekanayaka <free@agnula.org>.
(full text, mbox, link).
Changed Bug title to `cecilia: CVE-2008-1832 insecure tmp file usage' from `cecilia: Unsafe temp file'.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Wed, 16 Apr 2008 15:30:05 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Free Ekanayaka <free@agnula.org>: Bug#476321; Package cecilia.
(full text, mbox, link).
Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Free Ekanayaka <free@agnula.org>.
(full text, mbox, link).
tags 476321 patch
thanks
Hi
I guess the attached patch should address the insecure tmp file. However, I
seem to be unable to startup the application. The only thing that happens is
that the window pops up and says "loading code: helpers.tcl".
Anyone able to use this application?
Cheers
Steffen
Tags added: patch
Request was from Steffen Joeris <steffen.joeris@skolelinux.de>
to control@bugs.debian.org.
(Tue, 06 May 2008 11:54:03 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Free Ekanayaka <free@agnula.org>: Bug#476321; Package cecilia.
(full text, mbox, link).
Acknowledgement sent to Marcos Marado <marado@isp.novis.pt>:
Extra info received and forwarded to list. Copy sent to Free Ekanayaka <free@agnula.org>.
(full text, mbox, link).
Hi there,
The problem of you being "unable to startup the application", is, I guess, bug
#479995 and not related to this one.
Regarding to this problem, I tried it and it doesn't cause any problem to the
package, while fixing the security issue. As far as I see, the patch is ready
to be included.
Best regards,
--
Marcos Marado
Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Felipe Sateler <fsateler@gmail.com>:
Bug acknowledged by developer.
(full text, mbox, link).
Source: cecilia
Source-Version: 2.0.5-2.1
We believe that the bug you reported is fixed in the latest version of
cecilia, which is due to be installed in the Debian FTP archive:
cecilia_2.0.5-2.1.diff.gz
to pool/main/c/cecilia/cecilia_2.0.5-2.1.diff.gz
cecilia_2.0.5-2.1.dsc
to pool/main/c/cecilia/cecilia_2.0.5-2.1.dsc
cecilia_2.0.5-2.1_all.deb
to pool/main/c/cecilia/cecilia_2.0.5-2.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 476321@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated cecilia package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 09 May 2008 11:47:07 +0000
Source: cecilia
Binary: cecilia
Architecture: source all
Version: 2.0.5-2.1
Distribution: unstable
Urgency: high
Maintainer: Free Ekanayaka <free@agnula.org>
Changed-By: Steffen Joeris <white@debian.org>
Description:
cecilia - graphic user interface for CSound
Closes: 476321
Changes:
cecilia (2.0.5-2.1) unstable; urgency=high
.
* Non-maintainer upload by the security team
* Include 13CVE-2008-1832.dpatch to fix insecure tmp file handling,
which allows a symlink attack (Closes: #476321)
Fixes: CVE-2008-1832
Checksums-Sha1:
40ee3ffde9ed450ed198041b854d4692971894bf 1023 cecilia_2.0.5-2.1.dsc
4054cf14f8dd530825958ed993fa938a63c8ffa8 13397 cecilia_2.0.5-2.1.diff.gz
f9518a463de806a428f6563fb64835db7e220534 1654124 cecilia_2.0.5-2.1_all.deb
Checksums-Sha256:
21b43c87f7f855fc454251677b130df9800e52b2e3bfc2c3e50ebce0027b2729 1023 cecilia_2.0.5-2.1.dsc
67af098abfe27b2d0a04b9f8531e1656c07642943fef89240c3cddd9da0ad0a1 13397 cecilia_2.0.5-2.1.diff.gz
c7240af8be18ca79621bcfb560a5dd2f46bd107084a0fca57455a7bd14f4d708 1654124 cecilia_2.0.5-2.1_all.deb
Files:
7adbf654c3055a6d0ca42739c4ca6679 1023 sound optional cecilia_2.0.5-2.1.dsc
cb3a02fc51b07fb218b18405466657bd 13397 sound optional cecilia_2.0.5-2.1.diff.gz
b6d6b071b6708f22cb218c42ecedaef3 1654124 sound optional cecilia_2.0.5-2.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIJDvU62zWxYk/rQcRAoSkAKC2ebqLKOt2rldCWTfcfWjpHGnQIACeKCgE
tiwhodasJnEi6GLSyu/nUaQ=
=BeHD
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 16 Mar 2009 08:08:28 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.