75104 – [PATCH] devel/cscope: security fix CAN-2004-0996

Bug 75104 - [PATCH] devel/cscope: security fix CAN-2004-0996

Summary: [PATCH] devel/cscope: security fix CAN-2004-0996

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Pete Fritchman

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-12-15 12:10 UTC by Matthias Andree
Modified:	2004-12-15 16:38 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
cscope-15.5_1.patch (2.25 KB, patch) 2004-12-15 12:10 UTC, Matthias Andree	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Andree 2004-12-15 12:10:27 UTC

(1) Apply patch (sans version bump) from cscope CVS as files/patch-ac,
http://cvs.sourceforge.net/viewcvs.py/cscope/cscope/src/main.c?r1=1.33&r2=1.34&sortby=date&diff_format=u
to fix CAN-2004-0996 "main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0996
http://www.vuxml.org/freebsd/a7bfd423-484f-11d9-a9e7-0001020eed82.html
http://www.freebsd.org/ports/portaudit/a7bfd423-484f-11d9-a9e7-0001020eed82.html

(2) Bump portrevision.

Added file(s):
- files/patch-ac

Port maintainer (petef@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.63

Comment 1 Pete Fritchman freebsd_committer

2004-12-15 15:46:07 UTC

Responsible Changed
From-To: freebsd-ports-bugs->petef

my port.

Comment 2 Pete Fritchman freebsd_committer

2004-12-15 16:38:02 UTC

State Changed
From-To: open->closed

Committed, thanks.