Bug 62786

Summary: [SECURITY] devel/libtool1[345]: symlink vulnerability
Product: Ports & Packages Reporter: Oliver Eikemeier <eikemeier>
Component: Individual Port(s)Assignee: Ade Lovett <ade>
Status: Closed FIXED    
Severity: Affects Only Me CC: ade
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Oliver Eikemeier 2004-02-13 14:20:14 UTC 
Stefan Nordhausen found a symlink vulnerability in libtool prior to version 1.5.2.
Libtool insecurely creates a temporary directory when a package using libtool is
being compiled.

- update libtool 1.3 to 1.3.5_2
- update libtool 1.4 to 1.4.3_3
- update libtool 1.5 to 1.5.2
- use SIZE and MASTER_SITE_GNU

Reference: <http://www.securityfocus.com/archive/1/352333>, fix from
           <http://www.securityfocus.com/archive/1/352519>
Comment 1 Oliver Eikemeier freebsd_committer freebsd_triage 2004-02-13 14:20:57 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->ade

over to libtool maintainer
Comment 2 Ade Lovett freebsd_committer freebsd_triage 2004-02-13 20:20:03 UTC 
State Changed
From-To: open->closed

Patches/updates applied. 

Y'all beat me to this one by a couple hours :) 

Thanks.