Attachment #53332 for bug #80671

View | Details | Raw Unified | Return to bug 80671
Collapse All | Expand All

Lines 7-13 Link Here

(-)japanese/groff/Makefile (-2 / +3 lines)
7		7
8	PORTNAME= groff	8	PORTNAME= groff
9	PORTVERSION= 1.18.1	9	PORTVERSION= 1.18.1
10	PORTREVISION= 7	10	DISTVERSIONSUFFIX= .1
		11	PORTREVISION= 8
11	CATEGORIES= japanese print	12	CATEGORIES= japanese print
12	MASTER_SITES= ${MASTER_SITE_LOCAL:S,%SUBDIR%,okazaki/&,} \	13	MASTER_SITES= ${MASTER_SITE_LOCAL:S,%SUBDIR%,okazaki/&,} \
13	${MASTER_SITE_DEBIAN:S,$,:debian,}	14	${MASTER_SITE_DEBIAN:S,$,:debian,}
Lines 16-22 Link Here
16		17
17	PATCH_SITES= ${MASTER_SITE_DEBIAN}	18	PATCH_SITES= ${MASTER_SITE_DEBIAN}
18	PATCH_SITE_SUBDIR= pool/main/g/groff	19	PATCH_SITE_SUBDIR= pool/main/g/groff
19	PATCHFILES= ${DISTNAME:S,-,_,}-15.diff.gz	20	PATCHFILES= ${DISTNAME:S,-,_,}-7.diff.gz
20	PATCH_DIST_STRIP= -p1	21	PATCH_DIST_STRIP= -p1
21		22
22	MAINTAINER= okazaki@FreeBSD.org	23	MAINTAINER= okazaki@FreeBSD.org

Lines 1-6 Link Here

(-)japanese/groff/distinfo (-4 / +4 lines)
1	MD5 (groff_1.18.1.orig.tar.gz) = 4c7a1b478d230696f14743772f31639f	1	MD5 (groff_1.18.1.1.orig.tar.gz) = 511dbd64b67548c99805f1521f82cc5e
2	SIZE (groff_1.18.1.orig.tar.gz) = 2250463	2	SIZE (groff_1.18.1.1.orig.tar.gz) = 2260623
3	MD5 (tmac-20030521_2.tar.gz) = 09e930a9690593b5de7118ae43962074	3	MD5 (tmac-20030521_2.tar.gz) = 09e930a9690593b5de7118ae43962074
4	SIZE (tmac-20030521_2.tar.gz) = 136303	4	SIZE (tmac-20030521_2.tar.gz) = 136303
5	MD5 (groff_1.18.1-15.diff.gz) = bb318ec68be02c8b0d8a834f9f296195	5	MD5 (groff_1.18.1.1-7.diff.gz) = 363c4419e76af510948ba6472d0bd75c
6	SIZE (groff_1.18.1-15.diff.gz) = 117862	6	SIZE (groff_1.18.1.1-7.diff.gz) = 126964





-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="01bb84e2-bd88-11d9-a281-02e018374e71">
    <topic>groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary file</topic>
    <affects>
      <package>
	<name>ja-groff</name>
	<range><lt>1.18.1_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The eqn2graph and pic2graph scripts in groff 1.18.1
	  allow local users to overwrite arbitrary files via
	  a symlink attack on temporary files.</p>
      </body>
    </description>
    <references>
      <bid>12058</bid>
      <cvename>CAN-2004-1296</cvename>
      <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371</url>
      <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372</url>
    </references>
    <dates>
      <discovery>2004-12-20</discovery>
      <entry>2005-05-06</entry>
    </dates>
  </vuln>

  <vuln vid="169f422f-bd88-11d9-a281-02e018374e71">
    <topic>groff -- groffer uses temp files unsafely</topic>
    <affects>
      <package>
	<name>ja-groff</name>
	<range><lt>1.18.1_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The groffer script in the Groff package 1.18 and later versions
	  allows local users to overwrite files via a symlink attack 
	  on temporary files.</p>
      </body>
    </description>
    <references>
      <bid>11287</bid>
      <cvename>CAN-2004-0969</cvename>
      <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278265</url>
    </references>
    <dates>
      <discovery>2004-09-30</discovery>
      <entry>2005-05-06</entry>
    </dates>
  </vuln>

  <vuln vid="5f003a08-ba3c-11d9-837d-000e0c2e438a">
    <topic>sharutils -- unshar insecure temporary file creation</topic>
    <affects>

Return to bug 80671

Lines 32-37 Link Here

(-)security/vuxml/vuln.xml (+53 lines)
32		32
33	-->	33	-->
34	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	34	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		35	<vuln vid="01bb84e2-bd88-11d9-a281-02e018374e71">
		36	<topic>groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary file</topic>
		37	<affects>
		38	<package>
		39	<name>ja-groff</name>
		40	<range><lt>1.18.1_8</lt></range>
		41	</package>
		42	</affects>
		43	<description>
		44	<body xmlns="http://www.w3.org/1999/xhtml">
		45	<p>The eqn2graph and pic2graph scripts in groff 1.18.1
		46	allow local users to overwrite arbitrary files via
		47	a symlink attack on temporary files.</p>
		48	</body>
		49	</description>
		50	<references>
		51	<bid>12058</bid>
		52	<cvename>CAN-2004-1296</cvename>
		53	<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371</url>
		54	<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372</url>
		55	</references>
		56	<dates>
		57	<discovery>2004-12-20</discovery>
		58	<entry>2005-05-06</entry>
		59	</dates>
		60	</vuln>
		61
		62	<vuln vid="169f422f-bd88-11d9-a281-02e018374e71">
		63	<topic>groff -- groffer uses temp files unsafely</topic>
		64	<affects>
		65	<package>
		66	<name>ja-groff</name>
		67	<range><lt>1.18.1_8</lt></range>
		68	</package>
		69	</affects>
		70	<description>
		71	<body xmlns="http://www.w3.org/1999/xhtml">
		72	<p>The groffer script in the Groff package 1.18 and later versions
		73	allows local users to overwrite files via a symlink attack
		74	on temporary files.</p>
		75	</body>
		76	</description>
		77	<references>
		78	<bid>11287</bid>
		79	<cvename>CAN-2004-0969</cvename>
		80	<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278265</url>
		81	</references>
		82	<dates>
		83	<discovery>2004-09-30</discovery>
		84	<entry>2005-05-06</entry>
		85	</dates>
		86	</vuln>
		87
35	<vuln vid="5f003a08-ba3c-11d9-837d-000e0c2e438a">	88	<vuln vid="5f003a08-ba3c-11d9-837d-000e0c2e438a">
36	<topic>sharutils -- unshar insecure temporary file creation</topic>	89	<topic>sharutils -- unshar insecure temporary file creation</topic>
37	<affects>	90	<affects>