Debian Bug report logs - #650500
libproc-processtable-perl: [CVE-2011-4363] unsafe use of /tmp

version graph

Package: libproc-processtable-perl; Maintainer for libproc-processtable-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for libproc-processtable-perl is src:libproc-processtable-perl.

Reported by: Ansgar Burchardt <ansgar@debian.org>

Date: Wed, 30 Nov 2011 09:39:01 UTC

Severity: important

Tags: pending, security

Found in version libproc-processtable-perl/0.45-1

Fixed in versions libproc-processtable-perl/0.45-6, libproc-processtable-perl/0.45-1+squeeze1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://rt.cpan.org/Public/Bug/Display.html?id=72862

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#650500; Package libproc-processtable-perl. (Wed, 30 Nov 2011 09:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ansgar Burchardt <ansgar@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Wed, 30 Nov 2011 09:39:07 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Ansgar Burchardt <ansgar@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unsafe use of /tmp
Date: Wed, 30 Nov 2011 10:36:03 +0100
Package: libproc-processtable-perl
Version: 0.45-1
Severity: important
Tags: security

Proc::ProcessTable can cache TTY information (not enabled by default).
For this it uses the file /tmp/TTYDEVS.

If caching is enabled, there is a race condition that allows to
overwrite arbitrary files in ProcessTable.pm:

102       if( -r $TTYDEVSFILE )
103       {
104         $_ = Storable::retrieve($TTYDEVSFILE);
  [...]
107       else
108       {
  [...]
112         Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE);

If a symlink /tmp/TTYDEVS is created between line 102 and 112, the file the
link points to is overwritten.  Alternatively wrong information can be
provided.

The relevant code path can be reached with

  perl -MProc::ProcessTable -e 'my $t = Proc::ProcessTable->new(cache_ttys => 1, enable_ttys => 1); $t->table;'

Ansgar




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#650500; Package libproc-processtable-perl. (Wed, 30 Nov 2011 17:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Wed, 30 Nov 2011 17:48:03 GMT) Full text and rfc822 format available.

Message #10 received at 650500@bugs.debian.org (full text, mbox):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Ansgar Burchardt <ansgar@debian.org>, 650500@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#650500: unsafe use of /tmp
Date: Wed, 30 Nov 2011 18:46:33 +0100
On Wed, Nov 30, 2011 at 10:36:03AM +0100, Ansgar Burchardt wrote:
> Package: libproc-processtable-perl
> Version: 0.45-1
> Severity: important
> Tags: security
> 
> Proc::ProcessTable can cache TTY information (not enabled by default).
> For this it uses the file /tmp/TTYDEVS.
> 
> If caching is enabled, there is a race condition that allows to
> overwrite arbitrary files in ProcessTable.pm:
> 
> 102       if( -r $TTYDEVSFILE )
> 103       {
> 104         $_ = Storable::retrieve($TTYDEVSFILE);
>   [...]
> 107       else
> 108       {
>   [...]
> 112         Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE);
> 
> If a symlink /tmp/TTYDEVS is created between line 102 and 112, the file the
> link points to is overwritten.  Alternatively wrong information can be
> provided.
> 
> The relevant code path can be reached with
> 
>   perl -MProc::ProcessTable -e 'my $t = Proc::ProcessTable->new(cache_ttys => 1, enable_ttys => 1); $t->table;'

Dear Debian Perl Group,
this doesn't warrant a DSA; but can you fix this through a point update
once an upstream fix is available?

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#650500; Package libproc-processtable-perl. (Wed, 30 Nov 2011 20:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Wed, 30 Nov 2011 20:54:03 GMT) Full text and rfc822 format available.

Message #15 received at 650500@bugs.debian.org (full text, mbox):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Ansgar Burchardt <ansgar@debian.org>
Cc: 650500@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#650500: unsafe use of /tmp
Date: Wed, 30 Nov 2011 21:52:55 +0100
On Wed, Nov 30, 2011 at 06:46:33PM +0100, Moritz Mühlenhoff wrote:
> On Wed, Nov 30, 2011 at 10:36:03AM +0100, Ansgar Burchardt wrote:
> > Package: libproc-processtable-perl
> > Version: 0.45-1
> > Severity: important
> > Tags: security
> > 
> > Proc::ProcessTable can cache TTY information (not enabled by default).
> > For this it uses the file /tmp/TTYDEVS.
> > 
> > If caching is enabled, there is a race condition that allows to
> > overwrite arbitrary files in ProcessTable.pm:
> > 
> > 102       if( -r $TTYDEVSFILE )
> > 103       {
> > 104         $_ = Storable::retrieve($TTYDEVSFILE);
> >   [...]
> > 107       else
> > 108       {
> >   [...]
> > 112         Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE);
> > 
> > If a symlink /tmp/TTYDEVS is created between line 102 and 112, the file the
> > link points to is overwritten.  Alternatively wrong information can be
> > provided.
> > 
> > The relevant code path can be reached with
> > 
> >   perl -MProc::ProcessTable -e 'my $t = Proc::ProcessTable->new(cache_ttys => 1, enable_ttys => 1); $t->table;'
> 
> Dear Debian Perl Group,
> this doesn't warrant a DSA; but can you fix this through a point update
> once an upstream fix is available?

This has been assigned CVE-2011-4363.
 
Cheers,
        Moritz




Set Bug forwarded-to-address to 'http://rt.cpan.org/Public/Bug/Display.html?id=72862'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 01 Dec 2011 06:27:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#650500; Package libproc-processtable-perl. (Thu, 01 Dec 2011 06:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Thu, 01 Dec 2011 06:33:03 GMT) Full text and rfc822 format available.

Message #22 received at 650500@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Moritz Mühlenhoff <jmm@inutil.org>, 650500@bugs.debian.org
Cc: Ansgar Burchardt <ansgar@debian.org>, team@security.debian.org
Subject: Re: Bug#650500: unsafe use of /tmp
Date: Thu, 1 Dec 2011 07:28:56 +0100
[Message part 1 (text/plain, inline)]
Hi Ansgar and Moritz

On Wed, Nov 30, 2011 at 06:46:33PM +0100, Moritz Mühlenhoff wrote:
> On Wed, Nov 30, 2011 at 10:36:03AM +0100, Ansgar Burchardt wrote:
> > Package: libproc-processtable-perl
> > Version: 0.45-1
> > Severity: important
> > Tags: security
> > 
> > Proc::ProcessTable can cache TTY information (not enabled by default).
> > For this it uses the file /tmp/TTYDEVS.
> > 
> > If caching is enabled, there is a race condition that allows to
> > overwrite arbitrary files in ProcessTable.pm:
> > 
> > 102       if( -r $TTYDEVSFILE )
> > 103       {
> > 104         $_ = Storable::retrieve($TTYDEVSFILE);
> >   [...]
> > 107       else
> > 108       {
> >   [...]
> > 112         Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE);
> > 
> > If a symlink /tmp/TTYDEVS is created between line 102 and 112, the file the
> > link points to is overwritten.  Alternatively wrong information can be
> > provided.
> > 
> > The relevant code path can be reached with
> > 
> >   perl -MProc::ProcessTable -e 'my $t = Proc::ProcessTable->new(cache_ttys => 1, enable_ttys => 1); $t->table;'
> 
> Dear Debian Perl Group,
> this doesn't warrant a DSA; but can you fix this through a point update
> once an upstream fix is available?

Thanks for the CVE request too. I have forwarded the report to
upstream. But the latest upstream release was back to 2008. And thus
it might be unlikely that there will be a fix for it (before the
rewrite, as far as I know Jens Rehsack is planning to do so).

We can try to coordinate with fedora/redhat [1].

 [1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363

Regards
Salvatore
[signature.asc (application/pgp-signature, inline)]

Changed Bug title to 'libproc-processtable-perl: [CVE-2011-4363] unsafe use of /tmp' from 'unsafe use of /tmp' Request was from aburchar <ansgar@debian.org> to control@bugs.debian.org. (Tue, 20 Dec 2011 19:51:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#650500; Package libproc-processtable-perl. (Sun, 10 Feb 2013 14:30:06 GMT) Full text and rfc822 format available.

Message #27 received at 650500@bugs.debian.org (full text, mbox):

From: pkg-perl-maintainers@lists.alioth.debian.org
To: 650500@bugs.debian.org, 650500-submitter@bugs.debian.org
Subject: Pending fixes for bugs in the libproc-processtable-perl package
Date: Sun, 10 Feb 2013 14:25:54 +0000
tag 650500 + pending
thanks

Some bugs in the libproc-processtable-perl package are closed in
revision 3d4fc5c728ccfa6601c4a24824c41ecf495ed459 in branch 'master'
by Salvatore Bonaccorso

The full diff can be seen at
http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-processtable-perl.git;a=commitdiff;h=3d4fc5c

Commit message:

    Add CVE-2011-4363.patch patch
    
    [SECURITY] CVE-2011-4363: Fix unsafe temporary file usage.
    
    Closes: #650500




Added tag(s) pending. Request was from pkg-perl-maintainers@lists.alioth.debian.org to control@bugs.debian.org. (Sun, 10 Feb 2013 14:30:10 GMT) Full text and rfc822 format available.

Message sent on to Ansgar Burchardt <ansgar@debian.org>:
Bug#650500. (Sun, 10 Feb 2013 14:30:12 GMT) Full text and rfc822 format available.

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 10 Feb 2013 15:03:13 GMT) Full text and rfc822 format available.

Notification sent to Ansgar Burchardt <ansgar@debian.org>:
Bug acknowledged by developer. (Sun, 10 Feb 2013 15:03:13 GMT) Full text and rfc822 format available.

Message #37 received at 650500-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 650500-close@bugs.debian.org
Subject: Bug#650500: fixed in libproc-processtable-perl 0.45-6
Date: Sun, 10 Feb 2013 14:48:39 +0000
Source: libproc-processtable-perl
Source-Version: 0.45-6

We believe that the bug you reported is fixed in the latest version of
libproc-processtable-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 650500@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libproc-processtable-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 10 Feb 2013 15:01:30 +0100
Source: libproc-processtable-perl
Binary: libproc-processtable-perl
Architecture: source amd64
Version: 0.45-6
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libproc-processtable-perl - Perl library for accessing process table information
Closes: 650500
Changes: 
 libproc-processtable-perl (0.45-6) unstable; urgency=low
 .
   * Add CVE-2011-4363.patch patch
     [SECURITY] CVE-2011-4363: Fix unsafe temporary file usage. (Closes: #650500)
Checksums-Sha1: 
 7faec375cd6481c19adecce29bbcf9c5bf468ccc 2230 libproc-processtable-perl_0.45-6.dsc
 d4de5e85ca234ed3a294a853502cf74d9105d127 8620 libproc-processtable-perl_0.45-6.debian.tar.gz
 2238bc73ae3fa8cd2d90eebad02ca20f3840a524 48866 libproc-processtable-perl_0.45-6_amd64.deb
Checksums-Sha256: 
 8ea19379534ec7404c9110dbb208961d4e1e2bf98dc71175dbad5a48dab33b5c 2230 libproc-processtable-perl_0.45-6.dsc
 ad1a95b47b8080b227377de861432c32d49fd14909dbaa18a8226344ec7d6350 8620 libproc-processtable-perl_0.45-6.debian.tar.gz
 2e2499c179e7116f1ba8017251a1f8819b391a921cb3c0b633916ccde7218f5f 48866 libproc-processtable-perl_0.45-6_amd64.deb
Files: 
 fe0aefd22c971b79c21f4354eef66976 2230 perl optional libproc-processtable-perl_0.45-6.dsc
 a4a2d435652f48b100a9b34133118ce3 8620 perl optional libproc-processtable-perl_0.45-6.debian.tar.gz
 f213b7dcb1ee488a3596ea7c040a5cee 48866 perl optional libproc-processtable-perl_0.45-6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRF6yEAAoJEHidbwV/2GP+w9oP/iW22tOYsIcKbUoJt3fkS6f5
22BGecOL/o7nLApIhMv6of4RSZqvUs9NgvJqdSCnkqjNMKBd1zUklBt8xuSwOQKD
grFjynUwlU4qAic8t1KvKWx0hGe57mpjn7vYX7FJON63s5S5NM17MaG8yy4sNXyb
TB6+7gBK7zuoWNChie8zjrze4Cr/wefyOej6fI7bT/waIp2GqjIfZwWx02MwXgUN
Yw6SYgiWynj2161+4q6R6YfvwrH5DNA/1rBY6Lip7pY0RBgaiIOdnrzQYvm4e+3f
8COMsA0stXjK5xJbIzCuC37zllH/uMwcQYL4q2UipmkG49i4KVmSOBzi5CQpfnYy
bTL8Pd3bhl0y00o6dyM84wuwG17j+1Rc1GfAaojsZsqxLxdFuiUEHYcHIHj02AZZ
1zr0uwh4hZck4O5ZLCybr3GniOd5G2VkUhSQf71uCwje+7OoDIkBSPtPP0gLW9oW
Pjd0aT+YEOPAKLHO6ZaBh/LkQ0Kq+GdSOiLUyyWm/PUyUSXq8iRnR79VwOW2oNsn
0gJ/G7Ej6Knm7uTn/C7C3W25bSyNSyF4O2POF/b84uAq2fTjU92RoBlOfXw0+P4P
mByPa30zCBsdTBq6KAh6xhRNXyA44syHYaMSEmrbIBW9Rk7E8KQOGeXhRfodYzZ3
GIaSRiT3P7YZ9VmrxrQe
=vjgH
-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 10 Feb 2013 17:21:13 GMT) Full text and rfc822 format available.

Notification sent to Ansgar Burchardt <ansgar@debian.org>:
Bug acknowledged by developer. (Sun, 10 Feb 2013 17:21:13 GMT) Full text and rfc822 format available.

Message #42 received at 650500-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 650500-close@bugs.debian.org
Subject: Bug#650500: fixed in libproc-processtable-perl 0.45-1+squeeze1
Date: Sun, 10 Feb 2013 17:17:04 +0000
Source: libproc-processtable-perl
Source-Version: 0.45-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
libproc-processtable-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 650500@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libproc-processtable-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 10 Feb 2013 16:16:41 +0100
Source: libproc-processtable-perl
Binary: libproc-processtable-perl libproc-process-perl
Architecture: source amd64 all
Version: 0.45-1+squeeze1
Distribution: stable
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libproc-process-perl - Dummy package for libproc-processtable-perl rename
 libproc-processtable-perl - Perl library for accessing process table information
Closes: 650500
Changes: 
 libproc-processtable-perl (0.45-1+squeeze1) stable; urgency=low
 .
   * Team upload.
   * [SECURITY] CVE-2011-4363: Fix unsafe temporary file usage (Closes: #650500)
Checksums-Sha1: 
 4e18641f46d616d5457b2f12ccf42eed3c2c86ce 2183 libproc-processtable-perl_0.45-1+squeeze1.dsc
 3c409fe6be688de7195135f7e33e38c9a880030d 5680 libproc-processtable-perl_0.45-1+squeeze1.diff.gz
 9912e7115d1b40ec3315a4459abf1412dd5eba02 49400 libproc-processtable-perl_0.45-1+squeeze1_amd64.deb
 af315467053b405e10629cf65b6f3cded4babac6 11966 libproc-process-perl_0.45-1+squeeze1_all.deb
Checksums-Sha256: 
 3bfe1b20ecfc30480d65ceb90d553681b30d92c4b8d28a8d3855b315d30b1334 2183 libproc-processtable-perl_0.45-1+squeeze1.dsc
 7a3507ac3a11601b554a5797e0b7d104bfef26696b23c6cdde95c140ddfde07c 5680 libproc-processtable-perl_0.45-1+squeeze1.diff.gz
 56460e24a9b951b590261df95d2ec80979a06d45f3089995c6ee31294703c56a 49400 libproc-processtable-perl_0.45-1+squeeze1_amd64.deb
 d578af11e9829ed39da2a65430570c8e38a669119442e8f6848ad4bd6ba3a827 11966 libproc-process-perl_0.45-1+squeeze1_all.deb
Files: 
 7079b3a62b7edc5c0ac8afce6bd4dc48 2183 perl optional libproc-processtable-perl_0.45-1+squeeze1.dsc
 f22cd0cb7e1246a627ae17cc4404bba7 5680 perl optional libproc-processtable-perl_0.45-1+squeeze1.diff.gz
 ca4432e9471c28bd0148b1d05ed33719 49400 perl optional libproc-processtable-perl_0.45-1+squeeze1_amd64.deb
 da7f77a2c99d6e789807c424188e3cae 11966 perl optional libproc-process-perl_0.45-1+squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRF8CVAAoJEHidbwV/2GP+xvcQALzdK5pzBKlhQ05f4TUgdP/2
jI+IFFiZX3pgmp5F4DZ9DpgkQ3rF80vdOscrirqt/RD4CWd+C0NTY6ZbXrqyf44m
verN4yMP0Ptav/2eNR/UyUgA/sgdvh881IQ50tIOkG2QaZmhsKwKx3FCwqyCuaFS
Ep9pbk93q3NSA32xHszwHs389adHjNbyc/nOM4NgobdLjqHwVMrTg15mMZR52Edo
ur4D8qhbloM5PF+0faXCFbHL16rv6dvpR3uQjA6Qau412xBjk7R3H8Hj9rOUwxRG
G7uLOisDobxeBDOaSVBxAcj66tQIiIU4UD7lY++/cpdr45GJfeiolN4Y5dN2btJk
TgHt85/KlO4QHg6/O5GRxWIh+x2zROZMEoSZ8FZKCaqVzJCyCINxvcEUFXF5S7Vz
y6zCsvPY4YuJrSfo3Q0atziYD2/IH1HK2UlV5Tnp49iMxgp5PlSDKzxP4AtMQHYH
hxcOCF3GeO5wrfP1YMY+hCHAkC5zo5/TwV5VGp4jUmJncQno76Lf/3rurTvWXpWQ
BC46CjYIMwP0PQ/sl1KpGVqCrqB+uCF+5/OwDyxLEVh9hHLSj3a2WwuL8gt302qg
VS4evBO9B111O1tasBD5fQ8A8aRshi2sxbTnNg6J0cy8fuelDpHw5YJS10A6cq1k
SulBP1cxgoVSjV/RQ+Si
=V4HG
-----END PGP SIGNATURE-----




Added tag(s) pending. Request was from pkg-perl-maintainers@lists.alioth.debian.org to control@bugs.debian.org. (Sun, 10 Feb 2013 17:24:10 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#650500; Package libproc-processtable-perl. (Sun, 10 Feb 2013 17:24:12 GMT) Full text and rfc822 format available.

Message #47 received at 650500@bugs.debian.org (full text, mbox):

From: pkg-perl-maintainers@lists.alioth.debian.org
To: 650500@bugs.debian.org, 650500-submitter@bugs.debian.org
Subject: Pending fixes for bugs in the libproc-processtable-perl package
Date: Sun, 10 Feb 2013 17:22:50 +0000
tag 650500 + pending
thanks

Some bugs in the libproc-processtable-perl package are closed in
revision 368149c7aee56bc88dff4f7bd0f62e8e60b2a4b9 in branch ' 
squeeze' by Salvatore Bonaccorso

The full diff can be seen at
http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-processtable-perl.git;a=commitdiff;h=368149c

Commit message:

    [SECURITY] CVE-2011-4363: Fix unsafe temporary file usage
    
    Closes: #650500




Message sent on to Ansgar Burchardt <ansgar@debian.org>:
Bug#650500. (Sun, 10 Feb 2013 17:24:14 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 08 May 2013 07:25:56 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 01:28:00 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.