[libiptables-parse-perl] 01/02: Add CVE-2015-8326.patch patch
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 26 21:36:34 UTC 2015
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch wheezy
in repository libiptables-parse-perl.
commit 11ed0eb200884a9a1c07329a750aa9c6bb49b731
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Thu Nov 26 17:32:34 2015 +0100
Add CVE-2015-8326.patch patch
CVE-2015-8326: Use of predictable names for temporary files.
---
debian/patches/CVE-2015-8326.patch | 46 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 47 insertions(+)
diff --git a/debian/patches/CVE-2015-8326.patch b/debian/patches/CVE-2015-8326.patch
new file mode 100644
index 0000000..207654c
--- /dev/null
+++ b/debian/patches/CVE-2015-8326.patch
@@ -0,0 +1,46 @@
+Description: Don't use predictable names for temporary files
+ This allows an attacker on a multi-user system to set up symlinks to
+ overwrite any file the current user has write access to.
+ .
+ Don't recommend users of this module to use predictable names either.
+Origin: backport, https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1267962
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil at debian.org>
+Last-Update: 2015-11-26
+Applied-Upstream: 1.6
+
+---
+ lib/IPTables/Parse.pm | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/lib/IPTables/Parse.pm
++++ b/lib/IPTables/Parse.pm
+@@ -17,6 +17,7 @@ package IPTables::Parse;
+ use 5.006;
+ use POSIX ":sys_wait_h";
+ use Carp;
++use File::Temp;
+ use strict;
+ use warnings;
+ use vars qw($VERSION);
+@@ -29,8 +30,8 @@ sub new() {
+
+ my $self = {
+ _iptables => $args{'iptables'} || $args{'ip6tables'} || '/sbin/iptables',
+- _iptout => $args{'iptout'} || '/tmp/ipt.out',
+- _ipterr => $args{'ipterr'} || '/tmp/ipt.err',
++ _iptout => $args{'iptout'} || mktemp('/tmp/ipt.out.XXXXXX'),
++ _ipterr => $args{'ipterr'} || mktemp('/tmp/ipt.err.XXXXXX'),
+ _ipt_alarm => $args{'ipt_alarm'} || 30,
+ _debug => $args{'debug'} || 0,
+ _verbose => $args{'verbose'} || 0,
+@@ -701,8 +702,6 @@ IPTables::Parse - Perl extension for par
+
+ my %opts = (
+ 'iptables' => $ipt_bin,
+- 'iptout' => '/tmp/iptables.out',
+- 'ipterr' => '/tmp/iptables.err',
+ 'debug' => 0,
+ 'verbose' => 0
+ );
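Review bot: `mktemp()` in the new `_iptout` and `_ipterr` defaults only picks an unused name and does not create the file, so a window remains between `new()` and the later point where these paths are opened; that code is outside the hunk, so how it opens them cannot be checked here. Creating the files atomically at construction time would close the window, for example `_iptout => $args{'iptout'} || (tempfile('ipt.out.XXXXXX', TMPDIR => 1))[1],` and the same for `_ipterr`, or placing both in a directory from `tempdir(CLEANUP => 1)`. Nothing visible removes the generated files, so they presumably accumulate in /tmp unless they are cleaned up elsewhere. Caller-supplied `iptout`/`ipterr` values are still used as given, so the POD synopsis could carry a comment such as `# iptout/ipterr, if set, must live in a directory only this user can write to`.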
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..cd5e164
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2015-8326.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libiptables-parse-perl.git