[SCM] Debian packaging of libproc-processtable-perl branch, master, updated. debian/0.45-6-13-ga3a3196

Salvatore Bonaccorso carnil at debian.org
Sun Feb 10 14:25:54 UTC 2013


The following commit has been merged in the master branch:
commit 3d4fc5c728ccfa6601c4a24824c41ecf495ed459
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Sun Feb 10 15:00:47 2013 +0100

    Add CVE-2011-4363.patch patch
    
    [SECURITY] CVE-2011-4363: Fix unsafe temporary file usage.
    
    Closes: #650500

diff --git a/debian/patches/CVE-2011-4363.patch b/debian/patches/CVE-2011-4363.patch
new file mode 100644
index 0000000..c9c7619
--- /dev/null
+++ b/debian/patches/CVE-2011-4363.patch
@@ -0,0 +1,31 @@
+Description: CVE-2011-4363: Fix unsafe use of /tmp
+Origin: upstream, https://github.com/jonswar/perl-proc-processtable/commit/7b6abfd80fa7e05caa862ec819ec9da061d32639
+Bug: https://rt.cpan.org/Ticket/Display.html?id=72862
+Bug-Debian: http://bugs.debian.org/650500
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil at debian.org>
+Last-Update: 2013-02-10
+
+--- a/ProcessTable.pm
++++ b/ProcessTable.pm
+@@ -4,6 +4,7 @@
+ 
+ use strict;
+ use Carp;
++use Fcntl;
+ use vars qw($VERSION @ISA @EXPORT @EXPORT_OK $AUTOLOAD);
+ 
+ require Exporter;
+@@ -109,7 +110,11 @@
+         $self->_get_tty_list;
+         my $old_umask = umask;
+         umask 022;
+-        Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE);
++
++        sysopen( my $ttydevs_fh, $TTYDEVSFILE, O_WRONLY | O_EXCL | O_CREAT )
++            or die "$TTYDEVSFILE was created by other process";
++        Storable::store_fd( \%Proc::ProcessTable::TTYDEVS, $ttydevs_fh );
++        close $ttydevs_fh;
+         umask $old_umask;
+       }
+     }
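Review bot: The `or die` on the new `sysopen` sits between `umask 022` and `umask $old_umask`, so a caller that traps the exception keeps running with umask 022, and because `$!` is not in the message every failure (permissions, full disk) is reported as "created by other process". Two processes that build the cache at the same moment also make the loser abort, even though `_get_tty_list` has apparently already filled the in-memory table; treating the cache write as best effort and warning with `$!` avoids both. The results of `Storable::store_fd` and `close` are unchecked, so a short write leaves a truncated cache for later readers. The enclosing block starts and ends outside the hunk, and the code that reads `$TTYDEVSFILE` back is not visible here; if it loads an existing file without checking its owner, the exclusive create on the write side does not cover a file pre-created by another local user.

```perl
        umask 022;
        if ( sysopen( my $ttydevs_fh, $TTYDEVSFILE, O_WRONLY | O_EXCL | O_CREAT ) ) {
            my $stored = Storable::store_fd( \%Proc::ProcessTable::TTYDEVS, $ttydevs_fh );
            my $closed = close $ttydevs_fh;
            # Do not leave a truncated cache behind for later readers.
            unlink $TTYDEVSFILE unless $stored && $closed;
        }
        else {
            # The cache is an optimisation only; report the real reason and go on.
            carp "not caching tty list in $TTYDEVSFILE: $!";
        }
        umask $old_umask;
```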
diff --git a/debian/patches/series b/debian/patches/series
index 2e86906..9553fe2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 spelling.patch
 646785-add-new-states.patch
 696874-fix-Buffer-overflow-in-pctcpu.patch
+CVE-2011-4363.patch

-- 
Debian packaging of libproc-processtable-perl


