Bug#320541: unsafe temp file creation (CAN-2004-2265)

2006-02-18 Thread Matej Vela
Hi,

Note that the following packages contain copies of uudeview:

dnprogs: mail/uulib/uulib.c (0.5.13)
goldedplus: build/goldlib/uulib/uulib.c (0.5.15)
libconvert-uulib-perl: uulib/uulib.c (0.5.20)

Fortunately, the version in libconvert-uulib-perl has been patched to use mkstemp(3) and is n

Bug#320541: unsafe temp file creation (CAN-2004-2265)

2005-09-03 Thread Florian Weimer
* Frank Lichtenheld:
> On Sat, Sep 03, 2005 at 11:53:52PM +0200, Florian Weimer wrote:
>> * Frank Lichtenheld:
>>
>> > I mean, after closing fd _and_ unlinking the temporary file it is
>> > completely gone and the race is open again, isn't it? Wouldn't be
>> > the right fix to return the fd from t

Bug#320541: unsafe temp file creation (CAN-2004-2265)

2005-09-03 Thread Frank Lichtenheld
On Sat, Sep 03, 2005 at 11:53:52PM +0200, Florian Weimer wrote:
> * Frank Lichtenheld:
>
> > I mean, after closing fd _and_ unlinking the temporary file it is
> > completely gone and the race is open again, isn't it? Wouldn't be
> > the right fix to return the fd from the function and not bother
>

Bug#320541: unsafe temp file creation (CAN-2004-2265)

2005-09-03 Thread Florian Weimer
* Frank Lichtenheld:
> I mean, after closing fd _and_ unlinking the temporary file it is
> completely gone and the race is open again, isn't it? Wouldn't be
> the right fix to return the fd from the function and not bother
> about the filename at all?

In the interest of a minimal change, it might

Bug#320541: unsafe temp file creation (CAN-2004-2265)

2005-09-03 Thread Frank Lichtenheld
On Sat, Jul 30, 2005 at 12:54:10AM -0400, Joey Hess wrote:
> CAN-2004-2265 is a security hole in uudeview, although you won't find
> much useful info in the advisories associated with that CAN.
[...]
> This is a race, exploitable when uudeview is run on standard input.
> I'm attaching OpenPKG's ent

Bug#320541: unsafe temp file creation (CAN-2004-2265)

2005-07-29 Thread Joey Hess
Package: uudeview
Version: 0.5.20-2
Severity: serious
Tags: security

CAN-2004-2265 is a security hole in uudeview, although you won't find much useful info in the advisories associated with that CAN. After downloading OpenPKG's fix from tp://ftp.openpkg.org/release/2.0/UPD/uudeview-0.5.19-2.0.1.s